Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner Infektion Windows Vista

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.08.2012, 12:38   #1
SeinMaedchen
 
GVU Trojaner Infektion Windows Vista - Standard

GVU Trojaner Infektion Windows Vista



Hallo und guten tag,
Ich habe mir gestern diesen GVU trojaner eingefangen der mich aufforderte 100 euro per ukash oder paysafecard einzulösen um wieder normal an meinem rechner arbeiten zu können.
Ich habe im abgesicherten Modus hochgefahren und systemwiederherstellung gemacht.
Nun meldet er sich nichtmehr allerdings läuft der laptop nichtmehr ganz rund,denke da spukt noch was herum.
Ich bin neu hier und habe von computern ein wenig ahnung aber begrenzt, mein freund hilft mir ein wenig,würde mich sehr freuen wenn ihr mir helfen könntet.

Als erstes hier die erwünschten logs um einsicht in das system zu haben

Hier das OTL log:

Code:
ATTFilter
OTL logfile created on: 17.08.2012 12:52:44 - Run 3
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Mama\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 63,91% Memory free
3,96 Gb Paging File | 3,09 Gb Available in Paging File | 78,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90,25 Gb Total Space | 38,39 Gb Free Space | 42,54% Space Free | Partition Type: NTFS
Drive D: | 45,12 Gb Total Space | 43,42 Gb Free Space | 96,22% Space Free | Partition Type: NTFS
 
Computer Name: MAMA-PC | User Name: Mama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mama\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.)
PRC - C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WG111T) -- system32\DRIVERS\WG111Tv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (athur) -- C:\Windows\System32\drivers\athur.sys (Atheros Communications, Inc.)
DRV - (69377452) -- C:\Windows\System32\drivers\69377452.sys (Kaspersky Lab)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (setup_9.0.0.722_14.08.2012_12-35drv) -- C:\Windows\System32\drivers\6937745.sys (Kaspersky Lab)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (69377451) -- C:\Windows\System32\drivers\69377451.sys (Kaspersky Lab)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (s1029unic) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (S3GIGP) -- C:\Windows\System32\drivers\VTGKModeDX32.sys (S3 Graphics Co., Ltd.)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (SIS163u) -- C:\Windows\System32\drivers\sis163u.sys (Silicon Integrated Systems Corp.)
DRV - (ssm_mdm) -- C:\Windows\System32\drivers\ssm_mdm.sys (MCCI Corporation)
DRV - (ssm_mdfl) -- C:\Windows\System32\drivers\ssm_mdfl.sys (MCCI Corporation)
DRV - (ssm_bus) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI Corporation)
DRV - (DNISp50) -- C:\Windows\System32\drivers\DNISP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DNIMp50) -- C:\Windows\System32\drivers\DNIMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\SearchScopes,DefaultScope = {19AD08EA-03F1-488E-B94B-C05722DA6C8D}
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\SearchScopes\{19AD08EA-03F1-488E-B94B-C05722DA6C8D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 22:59:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.30 14:23:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.20 22:59:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.30 14:23:31 | 000,000,000 | ---D | M]
 
[2009.12.31 18:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\Extensions
[2012.08.14 20:59:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\extensions
[2012.08.14 20:55:23 | 000,000,000 | ---D | M] (Facebook Touch Panel) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\extensions\{7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2}
[2012.08.14 20:55:23 | 000,000,000 | ---D | M] (Facebook Share Button) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\extensions\{d4e0dc9c-c356-438e-afbe-dca439f4399d}
[2012.08.01 16:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\jgufvso6.default\extensions
[2010.09.03 16:26:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\jgufvso6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.08.01 16:32:08 | 000,000,000 | ---D | M] (Facebook Touch Panel) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\jgufvso6.default\extensions\{7bf3f322-c1a4-4654-b9b0-e0ddf67d86c2}
[2012.05.18 12:14:42 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\jgufvso6.default\extensions\ich@maltegoetz.de
[2012.05.03 13:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.08.14 20:55:22 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\MAMA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HQE0YR0W.DEFAULT-1136075560189\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2012.08.14 20:55:23 | 000,030,312 | ---- | M] () (No name found) -- C:\USERS\MAMA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HQE0YR0W.DEFAULT-1136075560189\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
[2012.07.20 22:59:56 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.19 22:33:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.13 08:57:59 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 08:57:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.13 08:57:59 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012.02.13 08:57:59 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 08:57:59 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 08:57:59 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Edit/Remove the Ravenwood Fair Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Edit/Remove the Ravenwood Fair Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\Toolbar\WebBrowser: (Edit/Remove the Ravenwood Fair Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VistaADeck\HDAudioCPL.exe (VIA.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [recinfo28] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-559149942-3163695425-1619497223-1000..\Run: [huufr.exe] C:\Users\Mama\AppData\Roaming\Ugih\huufr.exe File not found
O4 - Startup: C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_14.08.2012_12-35.lnk = C:\Users\Mama\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_14.08.2012_12-35\startup.exe ()
O7 - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B7AC4E5-810C-484F-B2F4-E22570076F1D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC55169-5853-4D89-8775-1E14EDAF31E7}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4573CF0-FA08-4517-9C15-4AB59BCF7DA6}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mama\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mama\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3200d7af-5eb3-11e0-865d-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{3200d7af-5eb3-11e0-865d-001e3302a02e}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{33733f7c-d2ad-11e1-a34f-001e101f0b17}\Shell - "" = AutoRun
O33 - MountPoints2\{33733f7c-d2ad-11e1-a34f-001e101f0b17}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{544d178e-230c-11e0-9dc7-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{544d178e-230c-11e0-9dc7-001e3302a02e}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{65f9b9a5-3ce4-11e0-9af2-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{65f9b9a5-3ce4-11e0-9af2-001e3302a02e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{65f9b9f6-3ce4-11e0-9af2-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{65f9b9f6-3ce4-11e0-9af2-001e3302a02e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7b7474c3-c4e5-11df-a6c4-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{7b7474c3-c4e5-11df-a6c4-001e3302a02e}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{9bf27ca3-bc61-11e1-84b7-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{9bf27ca3-bc61-11e1-84b7-001e3302a02e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b0ae517d-9744-11df-bd71-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{b0ae517d-9744-11df-bd71-001e3302a02e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{f8f03d80-c026-11df-8ebf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f8f03d80-c026-11df-8ebf-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f8f03e18-c026-11df-8ebf-001e3302a02e}\Shell - "" = AutoRun
O33 - MountPoints2\{f8f03e18-c026-11df-8ebf-001e3302a02e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f9d3af1a-c0bc-11df-86e1-001e101f4363}\Shell - "" = AutoRun
O33 - MountPoints2\{f9d3af1a-c0bc-11df-86e1-001e101f4363}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.17 00:34:02 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe
[2012.08.17 00:29:49 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Malwarebytes
[2012.08.17 00:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.17 00:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.17 00:29:25 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.17 00:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.16 14:25:22 | 000,000,000 | ---D | C] -- C:\Users\Mama\Desktop\DJ Tomekk - Numma Eyns
[2012.08.12 20:13:33 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Fanda Games
[2012.08.12 03:56:54 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\AzuazGames
[2012.08.12 01:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
[2012.08.11 23:49:09 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\Dracula 3 Part 1
[2012.08.10 16:31:15 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2012.08.10 16:23:55 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2012.08.10 16:23:04 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
[2012.08.10 16:22:56 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\Image-Line
[2012.08.10 16:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2012.08.10 16:22:23 | 001,554,944 | ---- | C] (HMS hxxp://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2012.08.10 16:22:23 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2012.08.10 16:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2012.08.10 01:35:35 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\City Interactive 3 Days Zoo Mystery
[2012.08.10 01:06:57 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2012.08.10 01:06:57 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2012.08.10 01:06:57 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2012.08.10 01:06:55 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2012.08.10 01:06:55 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2012.08.10 01:06:51 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2012.08.10 01:01:07 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2012.08.10 01:01:07 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2012.08.10 01:01:04 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2012.08.10 01:01:04 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2012.08.10 01:01:04 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2012.08.10 01:01:03 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2012.08.10 01:01:03 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2012.08.10 01:01:01 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2012.08.10 01:01:01 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2012.08.10 01:00:58 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2012.08.10 01:00:57 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2012.08.10 01:00:57 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2012.08.10 01:00:57 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2012.08.10 01:00:56 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2012.08.10 01:00:51 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2012.08.10 01:00:51 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2012.08.10 01:00:51 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2012.08.10 01:00:50 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2012.08.10 01:00:49 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2012.08.10 01:00:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2012.08.10 01:00:47 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2012.08.10 00:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
[2012.08.10 00:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\City Interactive
[2012.08.10 00:54:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2012.08.09 23:11:47 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\NPS
[2012.08.09 16:35:52 | 000,000,000 | ---D | C] -- C:\Users\Mama\Desktop\Spiele
[2012.08.08 22:48:35 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\EntwinedSoD
[2012.08.08 13:56:02 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\AlawarEntertainment
[2012.08.07 23:49:41 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\MumboJumbo
[2012.08.06 19:14:55 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Deep Shadows
[2012.08.06 13:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Dekovir
[2012.08.06 12:35:16 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\RUIN_Saves
[2012.08.05 22:47:16 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Robin Hood
[2012.08.05 22:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Robin Hood
[2012.08.05 18:12:49 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\GamersDigital
[2012.08.05 18:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\GamersDigital
[2012.08.05 13:46:42 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Phantasmat_oberon_se
[2012.08.04 20:29:20 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Rainbow
[2012.08.04 19:32:58 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\GO Games
[2012.08.04 11:26:43 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\LittleGamesCompany
[2012.08.04 11:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\LittleGamesCompany
[2012.08.03 23:42:04 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Ghost Ship Studios
[2012.08.03 20:20:29 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Jetdogs Studios
[2012.08.03 19:16:49 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\MediaArt
[2012.08.03 19:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaArt
[2012.08.03 17:49:43 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\VendelGAMES
[2012.08.02 13:15:36 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\CattaleGames
[2012.08.02 10:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\The Mirror Mysteries
[2012.08.02 09:58:49 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\MumboJumbo
[2012.07.31 23:21:14 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\GraveyardShift
[2012.07.31 22:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HideAndSecret3
[2012.07.31 16:19:58 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\MA2
[2012.07.28 00:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Becky Brogan
[2012.07.27 21:45:49 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\EleFun Games
[2012.07.27 21:40:02 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Funzai!
[2012.07.27 20:33:33 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\DailyMagic
[2012.07.27 19:12:53 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Blue Tea Games
[2012.07.27 17:22:05 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Aisle 5 Games, Inc
[2012.07.26 16:31:34 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\GTM_Bodie
[2012.07.25 22:32:21 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\TrickySoftware
[2012.07.25 22:23:20 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Elephant Games
[2012.07.25 22:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Elephant Games
[2012.07.25 18:25:59 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\casualArts
[2012.07.25 18:25:59 | 000,000,000 | ---D | C] -- C:\ProgramData\casualArts
[2012.07.22 20:09:54 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Azuaz Games
[2012.07.07 22:16:52 | 015,267,728 | ---- | C] (Google Inc.) -- C:\Users\Mama\picasa39_136.4-setup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.17 12:51:03 | 000,651,644 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.17 12:51:03 | 000,618,960 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.17 12:51:03 | 000,120,318 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.17 12:51:03 | 000,106,744 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.17 12:44:11 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.08.17 12:43:27 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.17 12:43:26 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.17 12:43:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.17 11:49:32 | 000,000,156 | ---- | M] () -- C:\Users\Mama\defogger_reenable
[2012.08.17 01:12:50 | 000,050,477 | ---- | M] () -- C:\Users\Mama\Desktop\Defogger.exe
[2012.08.17 00:34:02 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe
[2012.08.17 00:29:29 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.17 00:17:53 | 000,001,356 | ---- | M] () -- C:\Users\Mama\AppData\Local\d3d9caps.dat
[2012.08.17 00:14:06 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.14 14:20:12 | 000,000,974 | ---- | M] () -- C:\Users\Mama\Desktop\Vampire.lnk
[2012.08.13 15:56:45 | 000,000,803 | ---- | M] () -- C:\Users\Mama\Desktop\ART2.lnk
[2012.08.12 23:52:55 | 000,000,781 | ---- | M] () -- C:\Users\Mama\Desktop\three_days.lnk
[2012.08.12 01:17:18 | 000,001,262 | ---- | M] () -- C:\Users\Public\Desktop\Jules Vernes Das Abenteuer Jangada.lnk
[2012.08.12 01:16:51 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Odyssee ins Ungewisse.lnk
[2012.08.12 01:16:39 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Escape from Lost Island.lnk
[2012.08.12 01:15:41 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Affair Bureau.lnk
[2012.08.12 01:15:29 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Mystery Die Villa.lnk
[2012.08.12 01:14:32 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2012.08.11 18:47:11 | 000,000,740 | ---- | M] () -- C:\Users\Mama\Desktop\CriminalMinds.lnk
[2012.08.10 22:26:27 | 000,000,853 | ---- | M] () -- C:\Users\Mama\Desktop\EscapeTheEmeraldStar.lnk
[2012.08.10 18:01:32 | 000,001,031 | ---- | M] () -- C:\Users\Mama\Desktop\MidnightMysteries3.lnk
[2012.08.10 16:57:57 | 000,000,742 | ---- | M] () -- C:\Users\Mama\Desktop\100PercentHO.lnk
[2012.08.10 16:57:34 | 000,000,865 | ---- | M] () -- C:\Users\Mama\Desktop\NightmareOnThePacific.lnk
[2012.08.10 16:57:22 | 000,000,900 | ---- | M] () -- C:\Users\Mama\Desktop\losttemple.lnk
[2012.08.10 16:57:04 | 000,000,985 | ---- | M] () -- C:\Users\Mama\Desktop\Das Schicksal der Marie Antoinette.lnk
[2012.08.10 16:55:55 | 000,000,814 | ---- | M] () -- C:\Users\Mama\Desktop\Malediction.lnk
[2012.08.10 16:55:43 | 000,000,814 | ---- | M] () -- C:\Users\Mama\Desktop\Depths of Betrayal.lnk
[2012.08.10 16:31:15 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2012.08.10 16:23:56 | 000,000,666 | ---- | M] () -- C:\Users\Mama\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012.08.10 16:23:01 | 000,000,454 | ---- | M] () -- C:\Users\Mama\Desktop\FL Studio 10.lnk
[2012.08.10 04:11:28 | 000,000,510 | ---- | M] () -- C:\Users\Mama\Desktop\MC.lnk
[2012.08.10 04:11:22 | 000,000,515 | ---- | M] () -- C:\Users\Mama\Desktop\3DZ.lnk
[2012.08.10 04:09:26 | 000,000,852 | ---- | M] () -- C:\Users\Mama\Desktop\game.lnk
[2012.08.10 04:08:56 | 000,000,878 | ---- | M] () -- C:\Users\Mama\Desktop\Soul Mysteries.lnk
[2012.08.10 04:08:42 | 000,001,007 | ---- | M] () -- C:\Users\Mama\Desktop\The Order Of Conspiracy.lnk
[2012.08.10 04:08:30 | 000,000,883 | ---- | M] () -- C:\Users\Mama\Desktop\Portals.lnk
[2012.08.10 04:08:20 | 000,001,088 | ---- | M] () -- C:\Users\Mama\Desktop\The Agency of Anomalies 2.lnk
[2012.08.10 04:07:13 | 000,001,105 | ---- | M] () -- C:\Users\Mama\Desktop\Secrets of the Past - Tagebuch meiner Mutter.lnk
[2012.08.04 09:50:01 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.04 09:50:01 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.17 11:49:31 | 000,000,156 | ---- | C] () -- C:\Users\Mama\defogger_reenable
[2012.08.17 01:13:21 | 000,302,592 | ---- | C] () -- C:\Users\Mama\Desktop\gmer.exe
[2012.08.17 01:13:14 | 000,050,477 | ---- | C] () -- C:\Users\Mama\Desktop\Defogger.exe
[2012.08.17 00:29:29 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.17 00:12:34 | 000,001,356 | ---- | C] () -- C:\Users\Mama\AppData\Local\d3d9caps.dat
[2012.08.17 00:07:30 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.14 14:20:12 | 000,000,974 | ---- | C] () -- C:\Users\Mama\Desktop\Vampire.lnk
[2012.08.13 15:56:45 | 000,000,803 | ---- | C] () -- C:\Users\Mama\Desktop\ART2.lnk
[2012.08.12 23:52:55 | 000,000,781 | ---- | C] () -- C:\Users\Mama\Desktop\three_days.lnk
[2012.08.12 01:17:18 | 000,001,262 | ---- | C] () -- C:\Users\Public\Desktop\Jules Vernes Das Abenteuer Jangada.lnk
[2012.08.12 01:16:51 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Odyssee ins Ungewisse.lnk
[2012.08.12 01:16:39 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Escape from Lost Island.lnk
[2012.08.12 01:15:41 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Affair Bureau.lnk
[2012.08.12 01:15:29 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Mystery Die Villa.lnk
[2012.08.11 18:47:11 | 000,000,740 | ---- | C] () -- C:\Users\Mama\Desktop\CriminalMinds.lnk
[2012.08.10 22:26:27 | 000,000,853 | ---- | C] () -- C:\Users\Mama\Desktop\EscapeTheEmeraldStar.lnk
[2012.08.10 18:01:32 | 000,001,031 | ---- | C] () -- C:\Users\Mama\Desktop\MidnightMysteries3.lnk
[2012.08.10 16:57:57 | 000,000,742 | ---- | C] () -- C:\Users\Mama\Desktop\100PercentHO.lnk
[2012.08.10 16:57:34 | 000,000,865 | ---- | C] () -- C:\Users\Mama\Desktop\NightmareOnThePacific.lnk
[2012.08.10 16:57:22 | 000,000,900 | ---- | C] () -- C:\Users\Mama\Desktop\losttemple.lnk
[2012.08.10 16:57:04 | 000,000,985 | ---- | C] () -- C:\Users\Mama\Desktop\Das Schicksal der Marie Antoinette.lnk
[2012.08.10 16:55:55 | 000,000,814 | ---- | C] () -- C:\Users\Mama\Desktop\Malediction.lnk
[2012.08.10 16:55:43 | 000,000,814 | ---- | C] () -- C:\Users\Mama\Desktop\Depths of Betrayal.lnk
[2012.08.10 16:23:56 | 000,000,666 | ---- | C] () -- C:\Users\Mama\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2012.08.10 16:23:01 | 000,000,454 | ---- | C] () -- C:\Users\Mama\Desktop\FL Studio 10.lnk
[2012.08.10 04:11:28 | 000,000,510 | ---- | C] () -- C:\Users\Mama\Desktop\MC.lnk
[2012.08.10 04:11:22 | 000,000,515 | ---- | C] () -- C:\Users\Mama\Desktop\3DZ.lnk
[2012.08.10 04:09:26 | 000,000,852 | ---- | C] () -- C:\Users\Mama\Desktop\game.lnk
[2012.08.10 04:08:56 | 000,000,878 | ---- | C] () -- C:\Users\Mama\Desktop\Soul Mysteries.lnk
[2012.08.10 04:08:42 | 000,001,007 | ---- | C] () -- C:\Users\Mama\Desktop\The Order Of Conspiracy.lnk
[2012.08.10 04:08:30 | 000,000,883 | ---- | C] () -- C:\Users\Mama\Desktop\Portals.lnk
[2012.08.10 04:08:20 | 000,001,088 | ---- | C] () -- C:\Users\Mama\Desktop\The Agency of Anomalies 2.lnk
[2012.08.10 04:07:13 | 000,001,105 | ---- | C] () -- C:\Users\Mama\Desktop\Secrets of the Past - Tagebuch meiner Mutter.lnk
[2012.08.06 19:10:08 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\GAME CENTER.lnk
[2012.04.11 01:40:03 | 000,000,000 | ---- | C] () -- C:\Users\Mama\AppData\Roaming\wklnhst.dat
[2012.01.30 02:34:33 | 000,000,296 | ---- | C] () -- C:\Windows\baldies.ini
[2011.12.22 12:59:52 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.12.22 12:59:52 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011.06.21 20:26:35 | 000,012,670 | ---- | C] () -- C:\Users\Mama\AppData\Local\slot1.mm1
[2010.08.03 01:40:38 | 000,000,218 | ---- | C] () -- C:\Users\Mama\.recently-used.xbel
[2010.07.28 17:52:44 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.31 19:30:44 | 000,043,520 | ---- | C] () -- C:\Users\Mama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2012.07.11 03:27:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\A Gypsy's Tale - Der Turm des Schicksals
[2012.07.27 17:22:05 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Aisle 5 Games, Inc
[2012.08.09 12:34:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Alawar
[2012.08.08 15:57:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\AlawarEntertainment
[2012.07.09 02:59:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\AlderGames
[2012.06.06 00:02:06 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Amazon
[2011.06.29 18:48:45 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Anabel
[2012.08.01 01:15:44 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Artifex Mundi
[2011.07.29 23:15:02 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Artogon
[2012.07.11 00:53:15 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Awem
[2012.07.22 20:09:54 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Azuaz Games
[2012.08.12 03:56:54 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\AzuazGames
[2011.06.13 19:17:14 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\BanzaiInteractive
[2012.07.31 13:26:52 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Big Fish Games
[2011.06.26 17:52:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\BloodTies
[2012.07.27 19:12:53 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Blue Tea Games
[2012.07.28 10:34:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Boomzap
[2012.07.02 22:11:23 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Casual Arts
[2012.07.25 18:25:59 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\casualArts
[2012.08.02 13:15:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\CattaleGames
[2012.08.10 18:01:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\cerasus.media
[2012.08.10 01:35:50 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\City Interactive 3 Days Zoo Mystery
[2012.08.10 00:54:03 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DAEMON Tools Lite
[2012.07.27 20:33:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DailyMagic
[2012.08.06 19:14:55 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Deep Shadows
[2012.06.21 00:18:32 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Dekovir
[2012.06.18 14:20:00 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\DVDVideoSoft
[2012.07.27 21:45:49 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\EleFun Games
[2012.06.19 22:02:32 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ElementalsTheMagicKey
[2012.07.27 12:03:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Elephant Games
[2011.07.15 21:06:13 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Enchanted Katya
[2012.07.09 01:34:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Enki Games
[2012.08.08 22:48:35 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\EntwinedSoD
[2011.07.20 12:54:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ERS G-Studio
[2012.08.10 06:20:45 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ERS Game Studios
[2011.06.26 12:37:38 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\EscapeTheMuseum2
[2012.08.12 20:13:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Fanda Games
[2011.07.03 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Flood Light Games
[2011.08.13 00:07:35 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Floodlight Games
[2011.06.13 22:25:09 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\FloodLightGames
[2012.08.15 11:02:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Friday's games
[2012.02.23 22:51:21 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Frogwares
[2012.07.27 21:40:02 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Funzai!
[2012.06.29 00:25:48 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GameMill Entertainment
[2012.02.27 16:04:23 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Gamers Digital
[2012.08.05 18:12:49 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GamersDigital
[2011.06.15 17:25:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Games
[2012.08.03 23:42:04 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Ghost Ship Studios
[2012.08.04 19:32:58 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GO Games
[2012.07.03 17:16:34 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Gogii
[2012.07.31 23:21:15 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GraveyardShift
[2010.08.03 01:27:20 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\gtk-2.0
[2012.07.26 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\GTM_Bodie
[2012.08.09 22:06:07 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HdO Adventure
[2011.07.16 22:31:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\HiT-MM
[2011.06.12 20:17:04 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\iMaxGen
[2012.07.02 15:50:44 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Iminent
[2012.08.03 20:20:29 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Jetdogs Studios
[2011.06.14 11:41:03 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Jewel Match 3
[2012.06.28 21:34:23 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Lazy Turtle Games
[2012.08.14 22:58:54 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\LegacyInteractive
[2012.02.24 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Legends of pirates
[2012.07.09 15:13:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\LestaStudio
[2012.08.04 11:26:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\LittleGamesCompany
[2012.07.31 16:20:02 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MA2
[2011.06.13 20:30:24 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Magic Academy 2
[2011.07.22 15:32:58 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Magic3
[2012.08.08 17:13:01 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MagicIndie
[2012.08.05 18:13:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MediaArt
[2012.06.30 22:48:20 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Meridian93
[2011.06.18 10:47:48 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Merscom
[2012.06.20 00:05:19 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\monsterz
[2012.08.07 23:49:41 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MumboJumbo
[2012.07.03 15:40:50 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Mystery of Mortlake Mansion
[2012.08.03 23:03:30 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\MysteryStudio
[2011.11.11 20:58:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberon 3 Days Zoo Mystery
[2012.07.12 23:50:22 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberon Media
[2011.06.26 10:04:56 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberonv1000
[2012.07.09 23:21:45 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberonv1002
[2011.08.03 19:19:44 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberonv1004
[2011.07.01 19:52:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Oberonv1006
[2009.12.31 19:49:25 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\OpenOffice.org
[2012.07.26 22:05:18 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Orneon
[2011.12.22 13:05:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PC Suite
[2012.06.23 00:18:04 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Peace Craft
[2010.08.02 17:25:19 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PeerNetworking
[2012.07.03 05:53:14 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Phantasmat_intenium_se
[2012.08.05 13:48:54 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Phantasmat_oberon_se
[2012.06.27 03:06:36 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PlayFirst
[2012.07.15 23:17:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\PoBros
[2012.06.23 01:42:41 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\pokerth
[2012.01.19 16:44:18 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\QuickScan
[2012.08.04 20:29:20 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Rainbow
[2012.08.05 22:47:16 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Robin Hood
[2011.06.25 18:57:07 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\RobinsonCrusoe
[2011.12.22 12:58:46 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Samsung
[2011.06.13 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SecretIslandDeuBF
[2011.06.29 14:13:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SerpentOfIsis
[2011.06.17 20:25:50 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Settlement. Colossus
[2011.07.15 20:21:28 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Silverback Productions
[2012.07.08 23:16:06 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Skunk Studios
[2012.06.26 21:30:35 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SMIGames
[2011.01.11 10:39:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Software Informer
[2010.09.20 20:46:32 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Sony
[2012.08.10 01:39:22 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SpinTop Games
[2012.06.26 22:10:26 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\SprillRichiGerman
[2012.01.11 13:47:53 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Suziaz
[2012.04.11 01:40:05 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Template
[2011.06.11 13:45:56 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\The Games Company
[2012.07.04 23:54:52 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\ThreeDays2
[2012.06.28 03:55:59 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TikisLab
[2011.06.14 09:34:33 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TitanicMystery
[2012.06.26 14:20:31 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TOMI3
[2011.06.29 12:53:29 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Top Evidence
[2012.07.25 22:32:21 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\TrickySoftware
[2012.02.04 02:59:12 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Ugih
[2012.02.24 12:29:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\URSE Games
[2011.06.16 22:38:47 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\V-Games
[2011.06.17 22:06:37 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\VampireSaga
[2012.07.08 00:30:42 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Vast Studios
[2012.08.03 17:49:43 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\VendelGAMES
[2012.08.06 15:45:17 | 000,000,000 | ---D | M] -- C:\Users\Mama\AppData\Roaming\Vogat Interactive
[2012.08.17 02:40:55 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 403 bytes -> C:\ProgramData\TEMP:6891C915
@Alternate Data Stream - 392 bytes -> C:\ProgramData\TEMP:CE1DA626
@Alternate Data Stream - 391 bytes -> C:\ProgramData\TEMP:E603155F
@Alternate Data Stream - 380 bytes -> C:\ProgramData\TEMP:8B38FB22
@Alternate Data Stream - 378 bytes -> C:\ProgramData\TEMP:98838593
@Alternate Data Stream - 375 bytes -> C:\ProgramData\TEMP:691A064E
@Alternate Data Stream - 375 bytes -> C:\ProgramData\TEMP:66CBBDB8
@Alternate Data Stream - 370 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 367 bytes -> C:\ProgramData\TEMP:75B3F7A3
@Alternate Data Stream - 364 bytes -> C:\ProgramData\TEMP:4B112591
@Alternate Data Stream - 359 bytes -> C:\ProgramData\TEMP:401444AD
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:D323F5EF
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:136DD674
@Alternate Data Stream - 157 bytes -> C:\ProgramData\TEMP:EC2C753C
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:A90435A2
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:65E5A65A
@Alternate Data Stream - 155 bytes -> C:\ProgramData\TEMP:BF3CB074
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:D624FC7E
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:8F7ECF6A
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:E1069F99
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:D612C9AF
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:CAA2D3CC
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:92DC6D95
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:91CF76E3
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:4FADDE0F
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:14982C34
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:D44D0CA3
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:CCBF0D67
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:799B8AA7
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:5B2D0200
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:072B9E55
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:FE287FAF
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:B45E2DC6
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:87C92DF3
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:864A52B8
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:5E0617AC
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:2BEBE57F
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:26140299
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:24AB14E7
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:E60A0116
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:9F9D57FD
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:9DDF16A0
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:981349EA
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:4B6FD339
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:1F2BE70F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:B5C74AE4
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:8F54A01C
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:72E546C1
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:3A172552
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:EB3A09D6
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:DB051353
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:D156DCC8
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:C40E212B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:B8B102B9
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:76AA316A
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:6094C43B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0AE8FC60
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:E380FC9B
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:926B6E7A
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:8AD8C82D
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:6CBAF5F3
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:4E87B1CC
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:8C458D50
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:1E66EE85
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:1E3397DC
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C8E9D804
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:C70C12CF
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:8C885EDD
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:71D06554
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:42942A7F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0BFCB272
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E89EDC52
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D5805A05
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:C953979F
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:C7052D89
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:C3A4217C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:A38E5103
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:46D3A554
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:EAB1AD1B
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:8BBD1F9A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:7C0CBD4C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:6D9FC225
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:63A71C6F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:52FE3CCD
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:42275BC2
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2A578A48
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D1FD226D
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CF2C26D2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:7E7C5DB5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:45AF97B8
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:20B9E63F
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:FA454DFF
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:F97550B0
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D3FFFBA9
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:B652B720
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5095D8B1
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:3B9582E0
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:DD3F5AF4
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:70D21A0C
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:31DA63EA
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E79EFDA4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:D478F292
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A724744F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:5D51D132
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:17DA7CD5
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:CC3B950A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:AABA76BE
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:A98B0BB8
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:A047BC0D
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:940ECC98
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7A0A894A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:550179F5
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:541F9F51
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:7B2BC634
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:3F22DA14
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:3031D8E8
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:B894C266
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A9C63474
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:6F160860
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:371C7196
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:2EB8C6BB
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E98C5DD9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:AA7BE830
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:A5584049
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2020565D
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:956EC010
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:726A7C8D
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:687D1056
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:3005D353
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:23CB5E78
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:F01E7F17
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:BDDE9892
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:68C4BECC
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:1AE31F2A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FF25B447
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E60D24D7
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:DBCF903F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A9D9351A
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:7DBF4CE6
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:68AB648F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:2A615C9C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:F878F14A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:BBA04CB2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0C5A6770
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:FDAF118C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:C0601E00
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:BC521608
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:735575D8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:20BC9A76
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D4DCC75D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B5A5F21A
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:8F925134
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:D4A7C55A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C8F88A8F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C2F24DB5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7C3E753C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:798F4CE4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5A27D490
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C44E62F1
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:7E27CEAF
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8C443193
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:85316D14
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:84E5776A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3FC46878
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:389D51A1
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3095BD69
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373C6DC2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:F1FE38D7
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2FAFBD6A

< End of report >
         
Hier der Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 17.08.2012 12:52:44 - Run 3
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Mama\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 63,91% Memory free
3,96 Gb Paging File | 3,09 Gb Available in Paging File | 78,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 90,25 Gb Total Space | 38,39 Gb Free Space | 42,54% Space Free | Partition Type: NTFS
Drive D: | 45,12 Gb Total Space | 43,42 Gb Free Space | 96,22% Space Free | Partition Type: NTFS
 
Computer Name: MAMA-PC | User Name: Mama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FA0ECD-49E1-47CE-A152-7AC8E21B99A9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0279128D-7A99-4E9C-8C40-464F2CFA26CC}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{04647708-863B-44FE-A3B3-2FFC3222505F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{108C5F05-9271-41A9-B50D-A87D5406BC5B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{15A9B0DC-2357-48EC-B1D0-29544EC66324}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{162DA567-040A-4ECF-A27D-228C462DC2EA}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{2631E0B5-2901-4E41-80F3-226D56FCEA22}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{2AD33912-C4FB-4B2C-9630-F583943659C9}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{370D1E25-0BEF-462D-8A2B-1D526EF50707}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{39D42E8B-A4E6-4F59-AC90-CBFDCBC2E617}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{3D80D450-401D-475F-93BE-F066061E5B9B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{431F5895-9055-43DF-A7A6-BC915FE1200B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4358C905-DAD4-4E2D-8DF2-BDEA78A9ECB8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{54495964-4D7F-4903-8A79-AA689545B640}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{60E8876B-A8C2-451D-A127-5125063E7642}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{616D60C7-D0CA-4A1E-928F-AF8CC48C26C6}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{6B7EB399-EE57-412A-B00E-607098B917CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6BF0F855-9064-413B-A727-284F44BC54A7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6CB5E8B7-AABA-4F6B-8AF4-F312A10A45EA}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{72BBCA02-8591-4063-9897-C3337FDB155D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{86FF54DF-FBCC-4092-8F40-DB5B66438AE4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{882F44F3-3467-4D26-B6AC-9168BDA5E210}" = rport=445 | protocol=6 | dir=out | app=system | 
"{89487487-8274-483A-B0E9-18151FB44B57}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8C19C07A-B4D3-4B5A-A699-C1266660C4A9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{965778AA-73A6-4C5B-87A4-BA9C52F5F536}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{97CE6B14-C883-4592-8A62-F6512791F0B4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9AD5818F-899B-480C-954A-BEBB73A8C9BE}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{9DAF3760-A043-477F-AE59-8B3D91C02284}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{A507FA70-1F8C-4D9E-A16A-678DF0A19711}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{A5EB24BE-66B6-4B66-A50A-182729E59F86}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{AFD01500-56AE-409A-96F2-95F8299332B3}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface | 
"{B0E40B86-63A4-4D59-8F12-D3631AAAC1FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B6010058-0FA9-43BC-BC34-3FD945B33A40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BAC30578-3B48-49A1-BF7A-C72626CBCD3D}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{BC868ECA-82D8-4395-8F9E-57CD4FADF269}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{C0259041-FE49-4FBE-9AD0-3DE7BD31A95B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{CD6B6D71-AB49-44D5-A654-6D704D70DA0F}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{D8C5DB01-B964-483D-A859-7BFB71FDC314}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DE8246AE-7644-4AFE-A74B-8227AF7FEDE0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DFC21684-F556-4B5D-9A3A-8300CD80AF97}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E55E13D4-334E-4403-8180-A9805B71F17A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E7A4C04E-9642-455B-8F0A-FC3C1BAD8497}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EF1A1B29-0CD3-4A7E-AA4B-84CCE454B827}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{F61590D6-E505-4581-B1AA-99192ABC7614}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FBE458BA-8047-4EB9-841F-769029900D4C}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{FD1F812E-B0DF-4350-86E7-431233B3AE17}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0211B87B-CCA7-4429-9E46-37F1C4DDA3F7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{02AD431C-6341-4738-84E5-FC77EAA7F88E}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{06F81348-3EEC-4668-98A5-AB8EC0811924}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{080F3FF1-2482-4AAE-A4BC-F6A3DAE778A1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0DE19243-92B9-49D3-8237-E0D1B362C445}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{2928B73F-FE5C-4018-8C1C-E2576BB023C6}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{29CF3C40-8D93-490C-8129-53111D4944E9}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{37CC016D-6745-4BAA-B076-7FD97CEF9C96}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{48561C72-8761-4FBB-B87F-8F2CC9BC940F}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{4F027D72-C8D5-493D-9ADB-742C7350CD64}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{52D665F7-4988-4215-A183-627ADB930F56}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{62BC5299-15A8-4F3D-85D7-EAB9DBDBB0AF}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{6E09BC9D-69EC-4CAD-ADC3-C87B48FCA8B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7917FD91-C9B8-43C0-8018-760694C5BF20}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{83E0C7AE-B412-441D-A935-6BB6145312B1}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{8C3A0F9B-A7D1-4B60-8801-9EB0A74B0691}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{8D71BDE2-7AAC-46F4-B1F9-25FEE56DE53A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9A32A6C9-3A3B-4D84-9FD8-FADCCC50C10D}" = protocol=17 | dir=in | app=e:\alicecd.exe | 
"{9D7334F5-FFA6-4241-AFA2-E7BDE9B7866A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B1F7C501-7443-4F9B-84BC-4B0DE0478435}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{BD4D9D55-EC37-4874-90C6-E942BE656DAE}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{C61FCDE4-FB92-452D-95A0-6C9C2B1D6F82}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{D37243BA-C9AA-496B-9229-7EA40D772F44}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E54BBEAA-AF5C-4182-BDAA-9C5E527B146B}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{E68CE419-5DF4-41BE-B721-BB0577773AC8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EA70FDBB-B2E4-402C-8F03-369EB72E5A2B}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{EA77EE00-CF71-46AA-865A-714E5D878AC8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{EBC13011-CB9E-434F-96B6-1A6A3EA4D2EC}" = protocol=6 | dir=in | app=e:\alicecd.exe | 
"{F0C112D6-2FD1-4127-A4FB-1481AACF84A0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FBDE2F07-9772-4BA0-8CBB-5F48649BF560}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"TCP Query User{0FA34F7D-F892-4779-B87A-658A0A0F6F8F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{2B70DF47-7CFE-44DF-B5F0-EC88BEB43A26}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{48861F69-933A-4B6B-9FFF-6F69DEAB90CE}C:\users\mama\desktop\wallpaper\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\users\mama\desktop\wallpaper\die siedler ii - die nächste generation\bin\s2dng.exe | 
"TCP Query User{9706EEF2-A872-4195-AFCF-8537369D3716}C:\program files\thq\titan quest\titan quest.exe" = protocol=6 | dir=in | app=c:\program files\thq\titan quest\titan quest.exe | 
"TCP Query User{9EEE7F04-A3DA-405B-97A6-3A0E0E3F0669}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"TCP Query User{A3C6F137-A86B-45D6-BD26-049FA6474F39}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{BB2152AC-1DF0-4915-B540-AE2BB8DB09AF}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{D8627223-BC6C-472A-BBD3-FAB170D79E38}C:\users\mama\desktop\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=6 | dir=in | app=c:\users\mama\desktop\die siedler ii - die nächste generation\bin\s2dng.exe | 
"TCP Query User{DAD7C359-CA1A-46A8-834E-24BBF3D31007}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{E6F9E236-A99B-4112-B529-1ACB0654E8B8}C:\program files\winpcap\rpcapd.exe" = protocol=6 | dir=in | app=c:\program files\winpcap\rpcapd.exe | 
"UDP Query User{27FC9174-2795-45A2-B002-E5614D9E1FC4}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"UDP Query User{41E0C5EC-36E1-438C-B528-65CB4456F69C}C:\program files\thq\titan quest\titan quest.exe" = protocol=17 | dir=in | app=c:\program files\thq\titan quest\titan quest.exe | 
"UDP Query User{978D44EE-0A9F-4D54-8B0C-DF2F4944EB43}C:\program files\winpcap\rpcapd.exe" = protocol=17 | dir=in | app=c:\program files\winpcap\rpcapd.exe | 
"UDP Query User{A807774A-E1BC-47EE-BB0C-6A63C47AE302}C:\users\mama\desktop\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\users\mama\desktop\die siedler ii - die nächste generation\bin\s2dng.exe | 
"UDP Query User{A891F6D3-61F4-4A57-AC88-A4B6C00995FE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{C84D26DD-729E-4864-8870-256BE4195642}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{C92C88EE-DA07-46AB-B88A-2F9EFDBD410C}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{CD6AF78C-BD25-4B81-8806-45C70A2FFA93}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{ED7206FE-E5C3-45AF-B2C3-0453C9F7B1F6}C:\users\mama\desktop\wallpaper\die siedler ii - die nächste generation\bin\s2dng.exe" = protocol=17 | dir=in | app=c:\users\mama\desktop\wallpaper\die siedler ii - die nächste generation\bin\s2dng.exe | 
"UDP Query User{FA43E5A3-E0D2-49D0-81DA-D51F5B19875A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK-Clientinstallationsprogramm
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3 Days. Zoo Mystery/DE-German_is1" = 3 Days. Zoo Mystery
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Affair Bureau" = Affair Bureau
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira Free Antivirus
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Escape from Lost Island" = Escape from Lost Island
"FL Studio 10" = FL Studio 10
"IL Download Manager" = IL Download Manager
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Jewel Mystery: Die Villa" = Jewel Mystery: Die Villa
"Jules Vernes: Das Abenteuer Jangada" = Jules Vernes: Das Abenteuer Jangada
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Midnight Mysteries: Teufel auf dem Mississippi" = Midnight Mysteries: Teufel auf dem Mississippi
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Odyssee ins Ungewisse" = Odyssee ins Ungewisse
"Picasa 3" = Picasa 3
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SiS163u" = Fujitsu Siemens Computers WLAN 802.11b/g (SiS163u)
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Mystery of the Mary Celeste/DE-German_is1" = Das Geheimnis der Mary Celeste
"Uninstall_is1" = Uninstall 1.0.0.1
"VIA Chrome9 HC IGP Family Windows Vista Display" = VIA Chrome9 HC IGP Family Windows Vista Display
"VLC media player" = VLC media player 1.1.7
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.08.2012 18:17:12 | Computer Name = Mama-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 16.08.2012 18:20:52 | Computer Name = Mama-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description = 
 
Error - 16.08.2012 18:29:25 | Computer Name = Mama-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 16.08.2012 18:54:36 | Computer Name = Mama-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 16.08.2012 20:38:04 | Computer Name = Mama-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NightmareOnThePacific_og.exe, Version 1.1.1.4,
 Zeitstempel 0x4d4fd2da, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel
 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x4ada6f00,  Prozess-ID 0xf04, 
Anwendungsstartzeit 01cd7c0b9a20c400.
 
Error - 17.08.2012 05:34:19 | Computer Name = Mama-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 17.08.2012 06:47:32 | Computer Name = Mama-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.55.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 738  Anfangszeit: 01cd7c656c3cb2b7  Zeitpunkt der Beendigung:
 16
 
Error - 17.08.2012 06:48:35 | Computer Name = Mama-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.55.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: e6c  Anfangszeit: 01cd7c65bc708e5c  Zeitpunkt der Beendigung:
 16
 
Error - 17.08.2012 06:50:40 | Computer Name = Mama-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.55.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: fd0  Anfangszeit: 01cd7c65de3bde10  Zeitpunkt der Beendigung:
 0
 
Error - 17.08.2012 06:51:03 | Computer Name = Mama-PC | Source = WerSvc | ID = 5007
Description = 
 
[ System Events ]
Error - 16.08.2012 18:48:13 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 16.08.2012 18:48:13 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.08.2012 05:27:44 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.08.2012 05:27:58 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.08.2012 05:27:58 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.08.2012 05:32:55 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 17.08.2012 06:43:19 | Computer Name = Mama-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 17.08.2012 um 12:11:44 unerwartet heruntergefahren.
 
Error - 17.08.2012 06:44:58 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.08.2012 06:44:58 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 17.08.2012 06:44:58 | Computer Name = Mama-PC | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
gmer hat sich zweimal aufgehangen musste neustarten daher hab ich es weggelassen.

Alt 17.08.2012, 15:55   #2
t'john
/// Helfer-Team
 
GVU Trojaner Infektion Windows Vista - Standard

GVU Trojaner Infektion Windows Vista





Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
DRV - (WG111T) -- system32\DRIVERS\WG111Tv.sys File not found 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found 
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found 
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found 
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found 
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found 
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie 
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found 
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\SearchScopes,DefaultScope = {19AD08EA-03F1-488E-B94B-C05722DA6C8D} 
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\SearchScopes\{19AD08EA-03F1-488E-B94B-C05722DA6C8D}: "URL" = http://www.google.de/search?q={searchTerms} 
IE - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.startup.homepage: "about:blank" 
FF - prefs.js..network.proxy.type: 4 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Edit/Remove the Ravenwood Fair Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found 
O3 - HKLM\..\Toolbar: (Edit/Remove the Ravenwood Fair Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found 
O3 - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\..\Toolbar\WebBrowser: (Edit/Remove the Ravenwood Fair Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found 
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () 
O4 - HKLM..\Run: [NPSStartup] File not found 
O4 - HKLM..\Run: [recinfo28] c:\RecInfo\RecInfo.exe () 
O4 - HKU\S-1-5-21-559149942-3163695425-1619497223-1000..\Run: [huufr.exe] C:\Users\Mama\AppData\Roaming\Ugih\huufr.exe File not found 
O4 - Startup: C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_14.08.2012_12-35.lnk = C:\Users\Mama\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_14.08.2012_12-35\startup.exe () 
O7 - HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O33 - MountPoints2\{3200d7af-5eb3-11e0-865d-001e3302a02e}\Shell - "" = AutoRun 
O33 - MountPoints2\{3200d7af-5eb3-11e0-865d-001e3302a02e}\Shell\AutoRun\command - "" = F:\Install.exe 
O33 - MountPoints2\{33733f7c-d2ad-11e1-a34f-001e101f0b17}\Shell - "" = AutoRun 
O33 - MountPoints2\{33733f7c-d2ad-11e1-a34f-001e101f0b17}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{544d178e-230c-11e0-9dc7-001e3302a02e}\Shell - "" = AutoRun 
O33 - MountPoints2\{544d178e-230c-11e0-9dc7-001e3302a02e}\Shell\AutoRun\command - "" = F:\Startme.exe 
O33 - MountPoints2\{65f9b9a5-3ce4-11e0-9af2-001e3302a02e}\Shell - "" = AutoRun 
O33 - MountPoints2\{65f9b9a5-3ce4-11e0-9af2-001e3302a02e}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{65f9b9f6-3ce4-11e0-9af2-001e3302a02e}\Shell - "" = AutoRun 
O33 - MountPoints2\{65f9b9f6-3ce4-11e0-9af2-001e3302a02e}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{7b7474c3-c4e5-11df-a6c4-001e3302a02e}\Shell - "" = AutoRun 
O33 - MountPoints2\{7b7474c3-c4e5-11df-a6c4-001e3302a02e}\Shell\AutoRun\command - "" = F:\Startme.exe 
O33 - MountPoints2\{9bf27ca3-bc61-11e1-84b7-001e3302a02e}\Shell - "" = AutoRun 
O33 - MountPoints2\{9bf27ca3-bc61-11e1-84b7-001e3302a02e}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\Shell - "" = AutoRun 
O33 - MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\Shell\AutoRun\command - "" = G:\AutoRun.exe 
O33 - MountPoints2\{b0ae517d-9744-11df-bd71-001e3302a02e}\Shell - "" = AutoRun 
O33 - MountPoints2\{b0ae517d-9744-11df-bd71-001e3302a02e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a 
O33 - MountPoints2\{f8f03d80-c026-11df-8ebf-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{f8f03d80-c026-11df-8ebf-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{f8f03e18-c026-11df-8ebf-001e3302a02e}\Shell - "" = AutoRun 
O33 - MountPoints2\{f8f03e18-c026-11df-8ebf-001e3302a02e}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\{f9d3af1a-c0bc-11df-86e1-001e101f4363}\Shell - "" = AutoRun 
O33 - MountPoints2\{f9d3af1a-c0bc-11df-86e1-001e101f4363}\Shell\AutoRun\command - "" = F:\AutoRun.exe 
O33 - MountPoints2\F\Shell - "" = AutoRun 
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe 

[2012.08.17 00:14:06 | 004,503,728 | ---- | M] () -- C:\ProgramData\ism_0_llatsni.pad 

@Alternate Data Stream - 403 bytes -> C:\ProgramData\Temp:6891C915 
@Alternate Data Stream - 392 bytes -> C:\ProgramData\Temp:CE1DA626 
@Alternate Data Stream - 391 bytes -> C:\ProgramData\Temp:E603155F 
@Alternate Data Stream - 380 bytes -> C:\ProgramData\Temp:8B38FB22 
@Alternate Data Stream - 378 bytes -> C:\ProgramData\Temp:98838593 
@Alternate Data Stream - 375 bytes -> C:\ProgramData\Temp:691A064E 
@Alternate Data Stream - 375 bytes -> C:\ProgramData\Temp:66CBBDB8 
@Alternate Data Stream - 370 bytes -> C:\ProgramData\Temp:B203B914 
@Alternate Data Stream - 367 bytes -> C:\ProgramData\Temp:75B3F7A3 
@Alternate Data Stream - 364 bytes -> C:\ProgramData\Temp:4B112591 
@Alternate Data Stream - 359 bytes -> C:\ProgramData\Temp:401444AD 
@Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:D323F5EF 
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:136DD674 
@Alternate Data Stream - 157 bytes -> C:\ProgramData\Temp:EC2C753C 
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:A90435A2 
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:65E5A65A 
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:BF3CB074 
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:D624FC7E 
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:8F7ECF6A 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:E1069F99 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:D612C9AF 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:CAA2D3CC 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:92DC6D95 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:91CF76E3 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:4FADDE0F 
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:14982C34 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:D44D0CA3 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:CCBF0D67 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:799B8AA7 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:5B2D0200 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:072B9E55 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:FE287FAF 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:B45E2DC6 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:87C92DF3 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:864A52B8 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:5E0617AC 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:2BEBE57F 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:26140299 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:24AB14E7 
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:E60A0116 
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:9F9D57FD 
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:9DDF16A0 
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:981349EA 
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:4B6FD339 
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:1F2BE70F 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:B5C74AE4 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8F54A01C 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:72E546C1 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:3A172552 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:EB3A09D6 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:DB051353 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:D156DCC8 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:C40E212B 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:B8B102B9 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:76AA316A 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:6094C43B 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:0AE8FC60 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:E380FC9B 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:926B6E7A 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:8AD8C82D 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:6CBAF5F3 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:4E87B1CC 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:8C458D50 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:1E66EE85 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:1E3397DC 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:C8E9D804 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:C70C12CF 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:8C885EDD 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:71D06554 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:42942A7F 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:0BFCB272 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:E89EDC52 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:D5805A05 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:C953979F 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:C7052D89 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:C3A4217C 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A38E5103 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:46D3A554 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:EAB1AD1B 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:8BBD1F9A 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:7C0CBD4C 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:6D9FC225 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:63A71C6F 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:52FE3CCD 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:42275BC2 
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:2A578A48 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:D1FD226D 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:CF2C26D2 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:7E7C5DB5 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:45AF97B8 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:20B9E63F 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:0D31DA45 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:FA454DFF 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:F97550B0 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:D3FFFBA9 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:B652B720 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:5095D8B1 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:3B9582E0 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:DD3F5AF4 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:70D21A0C 
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:31DA63EA 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E79EFDA4 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:D478F292 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:A724744F 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5D51D132 
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:17DA7CD5 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:CC3B950A 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:AABA76BE 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:A98B0BB8 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:A047BC0D 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:940ECC98 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:7A0A894A 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:550179F5 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:541F9F51 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:861A898F 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:7B2BC634 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:3F22DA14 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:3031D8E8 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:B894C266 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:A9C63474 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:6F160860 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:371C7196 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:2EB8C6BB 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:E98C5DD9 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:AA7BE830 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A5584049 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2020565D 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:956EC010 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:726A7C8D 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:687D1056 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:3005D353 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:23CB5E78 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:F01E7F17 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:BDDE9892 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:68C4BECC 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:1AE31F2A 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:FF25B447 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E60D24D7 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:DBCF903F 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:A9D9351A 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:7DBF4CE6 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:68AB648F 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:2A615C9C 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:F878F14A 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:BBA04CB2 
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0C5A6770 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:FDAF118C 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:C0601E00 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:BC521608 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:735575D8 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:20BC9A76 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D4DCC75D 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:B5A5F21A 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:8F925134 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4D066AD2 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:D4A7C55A 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:C8F88A8F 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:C2F24DB5 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:7C3E753C 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:798F4CE4 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5A27D490 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:C44E62F1 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:7E27CEAF 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:8C443193 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:85316D14 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:84E5776A 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3FC46878 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:389D51A1 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3095BD69 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:8AB6C1D7 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:373C6DC2 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:580E04D8 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:F1FE38D7 
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:2FAFBD6A 
[2012.08.12 01:14:32 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\GAME CENTER.lnk 
[2012.08.12 01:15:41 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Affair Bureau.lnk 
[2012.08.12 01:15:29 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Mystery Die Villa.lnk 
[2012.08.12 01:16:51 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Odyssee ins Ungewisse.lnk 
[2012.08.12 01:16:39 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Escape from Lost Island.lnk 

:Files


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________

Alt 17.08.2012, 16:10   #3
SeinMaedchen
 
GVU Trojaner Infektion Windows Vista - Standard

GVU Trojaner Infektion Windows Vista



Hier das gewünschte OTL file:

Code:
ATTFilter
All processes killed
========== OTL ==========
Service WG111T stopped successfully!
Service WG111T deleted successfully!
File  system32\DRIVERS\WG111Tv.sys File not found not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File  system32\DRIVERS\nwlnkfwd.sys File not found not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File  system32\DRIVERS\nwlnkflt.sys File not found not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File  system32\DRIVERS\ipinip.sys File not found not found.
Service huawei_enumerator stopped successfully!
Service huawei_enumerator deleted successfully!
File  system32\DRIVERS\ew_jubusenum.sys File not found not found.
Service ew_hwusbdev stopped successfully!
Service ew_hwusbdev deleted successfully!
File  system32\DRIVERS\ew_hwusbdev.sys File not found not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File  C:\Windows\system32\drivers\blbdrive.sys File not found not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Internet Explorer\SearchScopes\{19AD08EA-03F1-488E-B94B-C05722DA6C8D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19AD08EA-03F1-488E-B94B-C05722DA6C8D}\ not found.
HKU\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "about:blank" removed from browser.startup.homepage
Prefs.js: 4 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@oberon-media.com/ONCAdapter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\recinfo28 deleted successfully.
c:\RecInfo\RecInfo.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\Software\Microsoft\Windows\CurrentVersion\Run\\huufr.exe deleted successfully.
C:\Users\Mama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_14.08.2012_12-35.lnk moved successfully.
C:\Users\Mama\Desktop\DE-Cleaner powered by Kaspersky\setup_9.0.0.722_14.08.2012_12-35\startup.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-559149942-3163695425-1619497223-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3200d7af-5eb3-11e0-865d-001e3302a02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3200d7af-5eb3-11e0-865d-001e3302a02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3200d7af-5eb3-11e0-865d-001e3302a02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3200d7af-5eb3-11e0-865d-001e3302a02e}\ not found.
File F:\Install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33733f7c-d2ad-11e1-a34f-001e101f0b17}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33733f7c-d2ad-11e1-a34f-001e101f0b17}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33733f7c-d2ad-11e1-a34f-001e101f0b17}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33733f7c-d2ad-11e1-a34f-001e101f0b17}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{544d178e-230c-11e0-9dc7-001e3302a02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{544d178e-230c-11e0-9dc7-001e3302a02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{544d178e-230c-11e0-9dc7-001e3302a02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{544d178e-230c-11e0-9dc7-001e3302a02e}\ not found.
File F:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f9b9a5-3ce4-11e0-9af2-001e3302a02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f9b9a5-3ce4-11e0-9af2-001e3302a02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f9b9a5-3ce4-11e0-9af2-001e3302a02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f9b9a5-3ce4-11e0-9af2-001e3302a02e}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f9b9f6-3ce4-11e0-9af2-001e3302a02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f9b9f6-3ce4-11e0-9af2-001e3302a02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f9b9f6-3ce4-11e0-9af2-001e3302a02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f9b9f6-3ce4-11e0-9af2-001e3302a02e}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b7474c3-c4e5-11df-a6c4-001e3302a02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b7474c3-c4e5-11df-a6c4-001e3302a02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b7474c3-c4e5-11df-a6c4-001e3302a02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b7474c3-c4e5-11df-a6c4-001e3302a02e}\ not found.
File F:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf27ca3-bc61-11e1-84b7-001e3302a02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bf27ca3-bc61-11e1-84b7-001e3302a02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf27ca3-bc61-11e1-84b7-001e3302a02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bf27ca3-bc61-11e1-84b7-001e3302a02e}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bf27cb2-bc61-11e1-84b7-001e3302a02e}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0ae517d-9744-11df-bd71-001e3302a02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0ae517d-9744-11df-bd71-001e3302a02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0ae517d-9744-11df-bd71-001e3302a02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0ae517d-9744-11df-bd71-001e3302a02e}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8f03d80-c026-11df-8ebf-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8f03d80-c026-11df-8ebf-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8f03d80-c026-11df-8ebf-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8f03d80-c026-11df-8ebf-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8f03e18-c026-11df-8ebf-001e3302a02e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8f03e18-c026-11df-8ebf-001e3302a02e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8f03e18-c026-11df-8ebf-001e3302a02e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8f03e18-c026-11df-8ebf-001e3302a02e}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9d3af1a-c0bc-11df-86e1-001e101f4363}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9d3af1a-c0bc-11df-86e1-001e101f4363}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9d3af1a-c0bc-11df-86e1-001e101f4363}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9d3af1a-c0bc-11df-86e1-001e101f4363}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
C:\ProgramData\ism_0_llatsni.pad moved successfully.
ADS C:\ProgramData\Temp:6891C915 deleted successfully.
ADS C:\ProgramData\Temp:CE1DA626 deleted successfully.
ADS C:\ProgramData\Temp:E603155F deleted successfully.
ADS C:\ProgramData\Temp:8B38FB22 deleted successfully.
ADS C:\ProgramData\Temp:98838593 deleted successfully.
ADS C:\ProgramData\Temp:691A064E deleted successfully.
ADS C:\ProgramData\Temp:66CBBDB8 deleted successfully.
ADS C:\ProgramData\Temp:B203B914 deleted successfully.
ADS C:\ProgramData\Temp:75B3F7A3 deleted successfully.
ADS C:\ProgramData\Temp:4B112591 deleted successfully.
ADS C:\ProgramData\Temp:401444AD deleted successfully.
ADS C:\ProgramData\Temp:D323F5EF deleted successfully.
ADS C:\ProgramData\Temp:136DD674 deleted successfully.
ADS C:\ProgramData\Temp:EC2C753C deleted successfully.
ADS C:\ProgramData\Temp:A90435A2 deleted successfully.
ADS C:\ProgramData\Temp:65E5A65A deleted successfully.
ADS C:\ProgramData\Temp:BF3CB074 deleted successfully.
ADS C:\ProgramData\Temp:D624FC7E deleted successfully.
ADS C:\ProgramData\Temp:8F7ECF6A deleted successfully.
ADS C:\ProgramData\Temp:E1069F99 deleted successfully.
ADS C:\ProgramData\Temp:D612C9AF deleted successfully.
ADS C:\ProgramData\Temp:CAA2D3CC deleted successfully.
ADS C:\ProgramData\Temp:92DC6D95 deleted successfully.
ADS C:\ProgramData\Temp:91CF76E3 deleted successfully.
ADS C:\ProgramData\Temp:4FADDE0F deleted successfully.
ADS C:\ProgramData\Temp:14982C34 deleted successfully.
ADS C:\ProgramData\Temp:D44D0CA3 deleted successfully.
ADS C:\ProgramData\Temp:CCBF0D67 deleted successfully.
ADS C:\ProgramData\Temp:799B8AA7 deleted successfully.
ADS C:\ProgramData\Temp:5B2D0200 deleted successfully.
ADS C:\ProgramData\Temp:072B9E55 deleted successfully.
ADS C:\ProgramData\Temp:FE287FAF deleted successfully.
ADS C:\ProgramData\Temp:B45E2DC6 deleted successfully.
ADS C:\ProgramData\Temp:87C92DF3 deleted successfully.
ADS C:\ProgramData\Temp:864A52B8 deleted successfully.
ADS C:\ProgramData\Temp:5E0617AC deleted successfully.
ADS C:\ProgramData\Temp:2BEBE57F deleted successfully.
ADS C:\ProgramData\Temp:26140299 deleted successfully.
ADS C:\ProgramData\Temp:24AB14E7 deleted successfully.
ADS C:\ProgramData\Temp:E60A0116 deleted successfully.
ADS C:\ProgramData\Temp:9F9D57FD deleted successfully.
ADS C:\ProgramData\Temp:9DDF16A0 deleted successfully.
ADS C:\ProgramData\Temp:981349EA deleted successfully.
ADS C:\ProgramData\Temp:4B6FD339 deleted successfully.
ADS C:\ProgramData\Temp:1F2BE70F deleted successfully.
ADS C:\ProgramData\Temp:B5C74AE4 deleted successfully.
ADS C:\ProgramData\Temp:8F54A01C deleted successfully.
ADS C:\ProgramData\Temp:72E546C1 deleted successfully.
ADS C:\ProgramData\Temp:3A172552 deleted successfully.
ADS C:\ProgramData\Temp:EB3A09D6 deleted successfully.
ADS C:\ProgramData\Temp:DB051353 deleted successfully.
ADS C:\ProgramData\Temp:D156DCC8 deleted successfully.
ADS C:\ProgramData\Temp:C40E212B deleted successfully.
ADS C:\ProgramData\Temp:B8B102B9 deleted successfully.
ADS C:\ProgramData\Temp:76AA316A deleted successfully.
ADS C:\ProgramData\Temp:6094C43B deleted successfully.
ADS C:\ProgramData\Temp:0AE8FC60 deleted successfully.
ADS C:\ProgramData\Temp:E380FC9B deleted successfully.
ADS C:\ProgramData\Temp:926B6E7A deleted successfully.
ADS C:\ProgramData\Temp:8AD8C82D deleted successfully.
ADS C:\ProgramData\Temp:6CBAF5F3 deleted successfully.
ADS C:\ProgramData\Temp:4E87B1CC deleted successfully.
ADS C:\ProgramData\Temp:8C458D50 deleted successfully.
ADS C:\ProgramData\Temp:1E66EE85 deleted successfully.
ADS C:\ProgramData\Temp:1E3397DC deleted successfully.
ADS C:\ProgramData\Temp:C8E9D804 deleted successfully.
ADS C:\ProgramData\Temp:C70C12CF deleted successfully.
ADS C:\ProgramData\Temp:8C885EDD deleted successfully.
ADS C:\ProgramData\Temp:71D06554 deleted successfully.
ADS C:\ProgramData\Temp:42942A7F deleted successfully.
ADS C:\ProgramData\Temp:0BFCB272 deleted successfully.
ADS C:\ProgramData\Temp:E89EDC52 deleted successfully.
ADS C:\ProgramData\Temp:D5805A05 deleted successfully.
ADS C:\ProgramData\Temp:C953979F deleted successfully.
ADS C:\ProgramData\Temp:C7052D89 deleted successfully.
ADS C:\ProgramData\Temp:C3A4217C deleted successfully.
ADS C:\ProgramData\Temp:A38E5103 deleted successfully.
ADS C:\ProgramData\Temp:46D3A554 deleted successfully.
ADS C:\ProgramData\Temp:EAB1AD1B deleted successfully.
ADS C:\ProgramData\Temp:8BBD1F9A deleted successfully.
ADS C:\ProgramData\Temp:7C0CBD4C deleted successfully.
ADS C:\ProgramData\Temp:6D9FC225 deleted successfully.
ADS C:\ProgramData\Temp:63A71C6F deleted successfully.
ADS C:\ProgramData\Temp:52FE3CCD deleted successfully.
ADS C:\ProgramData\Temp:42275BC2 deleted successfully.
ADS C:\ProgramData\Temp:2A578A48 deleted successfully.
ADS C:\ProgramData\Temp:D1FD226D deleted successfully.
ADS C:\ProgramData\Temp:CF2C26D2 deleted successfully.
ADS C:\ProgramData\Temp:7E7C5DB5 deleted successfully.
ADS C:\ProgramData\Temp:45AF97B8 deleted successfully.
ADS C:\ProgramData\Temp:20B9E63F deleted successfully.
ADS C:\ProgramData\Temp:0D31DA45 deleted successfully.
ADS C:\ProgramData\Temp:FA454DFF deleted successfully.
ADS C:\ProgramData\Temp:F97550B0 deleted successfully.
ADS C:\ProgramData\Temp:D3FFFBA9 deleted successfully.
ADS C:\ProgramData\Temp:B652B720 deleted successfully.
ADS C:\ProgramData\Temp:5095D8B1 deleted successfully.
ADS C:\ProgramData\Temp:3B9582E0 deleted successfully.
ADS C:\ProgramData\Temp:DD3F5AF4 deleted successfully.
ADS C:\ProgramData\Temp:70D21A0C deleted successfully.
ADS C:\ProgramData\Temp:31DA63EA deleted successfully.
ADS C:\ProgramData\Temp:E79EFDA4 deleted successfully.
ADS C:\ProgramData\Temp:D478F292 deleted successfully.
ADS C:\ProgramData\Temp:A724744F deleted successfully.
ADS C:\ProgramData\Temp:5D51D132 deleted successfully.
ADS C:\ProgramData\Temp:17DA7CD5 deleted successfully.
ADS C:\ProgramData\Temp:CC3B950A deleted successfully.
ADS C:\ProgramData\Temp:AABA76BE deleted successfully.
ADS C:\ProgramData\Temp:A98B0BB8 deleted successfully.
ADS C:\ProgramData\Temp:A047BC0D deleted successfully.
ADS C:\ProgramData\Temp:940ECC98 deleted successfully.
ADS C:\ProgramData\Temp:7A0A894A deleted successfully.
ADS C:\ProgramData\Temp:550179F5 deleted successfully.
ADS C:\ProgramData\Temp:541F9F51 deleted successfully.
ADS C:\ProgramData\Temp:861A898F deleted successfully.
ADS C:\ProgramData\Temp:7B2BC634 deleted successfully.
ADS C:\ProgramData\Temp:3F22DA14 deleted successfully.
ADS C:\ProgramData\Temp:3031D8E8 deleted successfully.
ADS C:\ProgramData\Temp:B894C266 deleted successfully.
ADS C:\ProgramData\Temp:A9C63474 deleted successfully.
ADS C:\ProgramData\Temp:6F160860 deleted successfully.
ADS C:\ProgramData\Temp:371C7196 deleted successfully.
ADS C:\ProgramData\Temp:2EB8C6BB deleted successfully.
ADS C:\ProgramData\Temp:E98C5DD9 deleted successfully.
ADS C:\ProgramData\Temp:AA7BE830 deleted successfully.
ADS C:\ProgramData\Temp:A5584049 deleted successfully.
ADS C:\ProgramData\Temp:2020565D deleted successfully.
ADS C:\ProgramData\Temp:956EC010 deleted successfully.
ADS C:\ProgramData\Temp:726A7C8D deleted successfully.
ADS C:\ProgramData\Temp:687D1056 deleted successfully.
ADS C:\ProgramData\Temp:3005D353 deleted successfully.
ADS C:\ProgramData\Temp:23CB5E78 deleted successfully.
ADS C:\ProgramData\Temp:F01E7F17 deleted successfully.
ADS C:\ProgramData\Temp:BDDE9892 deleted successfully.
ADS C:\ProgramData\Temp:68C4BECC deleted successfully.
ADS C:\ProgramData\Temp:1AE31F2A deleted successfully.
ADS C:\ProgramData\Temp:FF25B447 deleted successfully.
ADS C:\ProgramData\Temp:E60D24D7 deleted successfully.
ADS C:\ProgramData\Temp:DBCF903F deleted successfully.
ADS C:\ProgramData\Temp:A9D9351A deleted successfully.
ADS C:\ProgramData\Temp:7DBF4CE6 deleted successfully.
ADS C:\ProgramData\Temp:68AB648F deleted successfully.
ADS C:\ProgramData\Temp:2A615C9C deleted successfully.
ADS C:\ProgramData\Temp:F878F14A deleted successfully.
ADS C:\ProgramData\Temp:BBA04CB2 deleted successfully.
ADS C:\ProgramData\Temp:0C5A6770 deleted successfully.
ADS C:\ProgramData\Temp:FDAF118C deleted successfully.
ADS C:\ProgramData\Temp:C0601E00 deleted successfully.
ADS C:\ProgramData\Temp:BC521608 deleted successfully.
ADS C:\ProgramData\Temp:735575D8 deleted successfully.
ADS C:\ProgramData\Temp:20BC9A76 deleted successfully.
ADS C:\ProgramData\Temp:D4DCC75D deleted successfully.
ADS C:\ProgramData\Temp:B5A5F21A deleted successfully.
ADS C:\ProgramData\Temp:8F925134 deleted successfully.
ADS C:\ProgramData\Temp:4D066AD2 deleted successfully.
ADS C:\ProgramData\Temp:D4A7C55A deleted successfully.
ADS C:\ProgramData\Temp:C8F88A8F deleted successfully.
ADS C:\ProgramData\Temp:C2F24DB5 deleted successfully.
ADS C:\ProgramData\Temp:7C3E753C deleted successfully.
ADS C:\ProgramData\Temp:798F4CE4 deleted successfully.
ADS C:\ProgramData\Temp:5A27D490 deleted successfully.
ADS C:\ProgramData\Temp:C44E62F1 deleted successfully.
ADS C:\ProgramData\Temp:7E27CEAF deleted successfully.
ADS C:\ProgramData\Temp:8C443193 deleted successfully.
ADS C:\ProgramData\Temp:85316D14 deleted successfully.
ADS C:\ProgramData\Temp:84E5776A deleted successfully.
ADS C:\ProgramData\Temp:3FC46878 deleted successfully.
ADS C:\ProgramData\Temp:389D51A1 deleted successfully.
ADS C:\ProgramData\Temp:3095BD69 deleted successfully.
ADS C:\ProgramData\Temp:8AB6C1D7 deleted successfully.
ADS C:\ProgramData\Temp:373C6DC2 deleted successfully.
ADS C:\ProgramData\Temp:580E04D8 deleted successfully.
ADS C:\ProgramData\Temp:F1FE38D7 deleted successfully.
ADS C:\ProgramData\Temp:2FAFBD6A deleted successfully.
C:\Users\Public\Desktop\GAME CENTER.lnk moved successfully.
C:\Users\Public\Desktop\Affair Bureau.lnk moved successfully.
C:\Users\Public\Desktop\Jewel Mystery Die Villa.lnk moved successfully.
C:\Users\Public\Desktop\Odyssee ins Ungewisse.lnk moved successfully.
C:\Users\Public\Desktop\Escape from Lost Island.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Mama\Desktop\cmd.bat deleted successfully.
C:\Users\Mama\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mama
->Temp folder emptied: 186297464 bytes
->Temporary Internet Files folder emptied: 251918041 bytes
->Java cache emptied: 166198289 bytes
->FireFox cache emptied: 216960926 bytes
->Flash cache emptied: 5967386 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 472704674 bytes
RecycleBin emptied: 115744040 bytes
 
Total Files Cleaned = 1.350,00 mb
 
 
OTL by OldTimer - Version 3.2.55.0 log created on 08172012_170106

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
__________________

Alt 17.08.2012, 17:43   #4
t'john
/// Helfer-Team
 
GVU Trojaner Infektion Windows Vista - Standard

GVU Trojaner Infektion Windows Vista



Sehr gut!

Wie laeuft der Rechner?

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 17.08.2012, 21:08   #5
SeinMaedchen
 
GVU Trojaner Infektion Windows Vista - Standard

GVU Trojaner Infektion Windows Vista



Der rechner läuft wieder besser
und hier die gewünschten log files:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.17.06

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.17037
Mama :: MAMA-PC [Administrator]

Schutz: Aktiviert

17.08.2012 19:20:19
mbam-log-2012-08-17 (19-20-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 385849
Laufzeit: 2 Stunde(n), 42 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Code:
ATTFilter
# AdwCleaner v1.801 - Logfile created 08/17/2012 at 22:05:14
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium  (32 bits)
# User : Mama - MAMA-PC
# Boot Mode : Normal
# Running from : C:\Users\Mama\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Mama\AppData\Local\Conduit
Folder Found : C:\Users\Mama\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Mama\AppData\LocalLow\Conduit
Folder Found : C:\Users\Mama\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Mama\AppData\Roaming\Iminent
Folder Found : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\jgufvso6.default\Conduit
Folder Found : C:\ProgramData\Trymedia
File Found : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\jgufvso6.default\searchplugins\Conduit.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Informer Technologies, Inc.\OpenCandy
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17037

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\jgufvso6.default\prefs.js

Found : user_pref("CT2319825..clientLogIsEnabled", true);
Found : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2319825.CTID", "ct2319825");
Found : user_pref("CT2319825.CommunitiesChangesLastCheckTime", "0");
Found : user_pref("CT2319825.CurrentServerDate", "17-8-2011");
Found : user_pref("CT2319825.DialogsAlignMode", "LTR");
Found : user_pref("CT2319825.DialogsGetterLastCheckTime", "Wed Aug 17 2011 18:14:02 GMT+0200");
Found : user_pref("CT2319825.DownloadReferralCookieData", "");
Found : user_pref("CT2319825.EMailNotifierPollDate", "Tue Jun 14 2011 09:24:57 GMT+0200");
Found : user_pref("CT2319825.EnableClickToSearchBox", false);
Found : user_pref("CT2319825.EnableSearchHistory", false);
Found : user_pref("CT2319825.EnableSearchSuggest", false);
Found : user_pref("CT2319825.FeedPollDate11908299", "Tue Jun 14 2011 21:27:05 GMT+0200");
Found : user_pref("CT2319825.FirstServerDate", "14-6-2011");
Found : user_pref("CT2319825.FirstTime", true);
Found : user_pref("CT2319825.FirstTimeFF3", true);
Found : user_pref("CT2319825.FixPageNotFoundErrors", false);
Found : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2319825.HasUserGlobalKeys", true);
Found : user_pref("CT2319825.Initialize", true);
Found : user_pref("CT2319825.InitializeCommonPrefs", true);
Found : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2319825.InstallationType", "ConduitIntegration");
Found : user_pref("CT2319825.InstalledDate", "Tue Jun 14 2011 09:24:57 GMT+0200");
Found : user_pref("CT2319825.IsGrouping", false);
Found : user_pref("CT2319825.IsMulticommunity", false);
Found : user_pref("CT2319825.IsOpenThankYouPage", false);
Found : user_pref("CT2319825.IsOpenUninstallPage", true);
Found : user_pref("CT2319825.LanguagePackLastCheckTime", "Tue Jun 14 2011 09:25:03 GMT+0200");
Found : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2319825.LastLogin_3.3.3.2", "Tue Jun 14 2011 17:24:55 GMT+0200");
Found : user_pref("CT2319825.LastLogin_3.6.0.10", "Wed Aug 17 2011 18:13:57 GMT+0200");
Found : user_pref("CT2319825.LatestVersion", "3.6.0.10");
Found : user_pref("CT2319825.Locale", "de");
Found : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Found : user_pref("CT2319825.MCDetectTooltipShow", false);
Found : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Found : user_pref("CT2319825.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2319825.RadioIsPodcast", false);
Found : user_pref("CT2319825.RadioMediaID", "11949532");
Found : user_pref("CT2319825.RadioMediaType", "Media Player");
Found : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Found : user_pref("CT2319825.RadioStationName", "1Live");
Found : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Found : user_pref("CT2319825.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2319825.SavedHomepage", "chrome://branding/locale/browserconfig.properties");
Found : user_pref("CT2319825.SearchBackToDefaultEngine", false);
Found : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Found : user_pref("CT2319825.SearchInNewTabEnabled", true);
Found : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Tue Jun 14 2011 09:25:01 GMT+0200");
Found : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2319825.SearchInNewTabUserEnabled", false);
Found : user_pref("CT2319825.ServiceMapLastCheckTime", "Wed Aug 17 2011 18:13:56 GMT+0200");
Found : user_pref("CT2319825.SettingsLastCheckTime", "Tue Jun 14 2011 09:24:45 GMT+0200");
Found : user_pref("CT2319825.SettingsLastUpdate", "1307629896");
Found : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Tue Jun 14 2011 09:24:45 GMT+0200");
Found : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Found : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2319825.Uninstall", true);
Found : user_pref("CT2319825.UserID", "UN23697023578223975");
Found : user_pref("CT2319825.WeatherNetwork", "");
Found : user_pref("CT2319825.WeatherPollDate", "Tue Jun 14 2011 09:25:04 GMT+0200");
Found : user_pref("CT2319825.WeatherUnit", "C");
Found : user_pref("CT2319825.alertChannelId", "715912");
Found : user_pref("CT2319825.backendstorage.id", "3133313030313234");
Found : user_pref("CT2319825.components.1000034", false);
Found : user_pref("CT2319825.components.1000082", false);
Found : user_pref("CT2319825.components.1000234", false);
Found : user_pref("CT2319825.components.129136390572498374", false);
Found : user_pref("CT2319825.ct2319825.DialogsAlignMode", "LTR");
Found : user_pref("CT2319825.ct2319825.GroupingInvalidateCache", false);
Found : user_pref("CT2319825.ct2319825.GroupingLastCheckTime", "0");
Found : user_pref("CT2319825.ct2319825.GroupingLastServerUpdateTime", "0");
Found : user_pref("CT2319825.ct2319825.InvalidateCache", false);
Found : user_pref("CT2319825.ct2319825.LanguagePackLastCheckTime", "Wed Aug 17 2011 18:13:58 GMT+0200");
Found : user_pref("CT2319825.ct2319825.Locale", "de");
Found : user_pref("CT2319825.ct2319825.RadioLastCheckTime", "Tue Jun 14 2011 15:13:19 GMT+0200");
Found : user_pref("CT2319825.ct2319825.RadioLastUpdateIPServer", "0");
Found : user_pref("CT2319825.ct2319825.SearchInNewTabLastCheckTime", "Wed Aug 17 2011 18:13:57 GMT+0200");
Found : user_pref("CT2319825.ct2319825.SettingsLastCheckTime", "Wed Aug 17 2011 18:13:55 GMT+0200");
Found : user_pref("CT2319825.ct2319825.SettingsLastUpdate", "1313478201");
Found : user_pref("CT2319825.ct2319825.ThirdPartyComponentsLastCheck", "Wed Aug 17 2011 18:13:55 GMT+0200");
Found : user_pref("CT2319825.ct2319825.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2319825.ct2319825.components.128903248917881403", false);
Found : user_pref("CT2319825.ct2319825.components.129264494738128351", false);
Found : user_pref("CT2319825.ct2319825.components.129264512281565287", false);
Found : user_pref("CT2319825.ct2319825.components.129277509933662715", false);
Found : user_pref("CT2319825.ct2319825.components.129309281463312841", false);
Found : user_pref("CT2319825.ct2319825.components.129453462855350877", false);
Found : user_pref("CT2319825.ct2319825.globalFirstTimeInfoLastCheckTime", "Wed Aug 17 2011 18:13:58 GMT+0200[...]
Found : user_pref("CT2319825.ct2319825.toolbarAppMetaDataLastCheckTime", "Wed Aug 17 2011 18:14:00 GMT+0200"[...]
Found : user_pref("CT2319825.ct2319825.toolbarContextMenuLastCheckTime", "Wed Aug 17 2011 18:14:00 GMT+0200"[...]
Found : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Tue Jun 14 2011 09:25:01 GMT+0200");
Found : user_pref("CT2319825.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2319825.initDone", true);
Found : user_pref("CT2319825.isAppTrackingManagerOn", true);
Found : user_pref("CT2319825.myStuffEnabled", true);
Found : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2319825.oldAppsList", "128898076802619665,128898076802619666,111,129309281463312841,129[...]
Found : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2319825.searchProtectorEnableByLogin", true);
Found : user_pref("CT2319825.testingCtid", "");
Found : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Tue Jun 14 2011 09:24:57 GMT+0200");
Found : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Tue Jun 14 2011 09:25:04 GMT+0200");
Found : user_pref("CT2319825.usageEnabled", false);
Found : user_pref("CT2319825.usagesFlag", 1);
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2319825", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2319825/CT2319825[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Found : user_pref("CommunityToolbar.EngineOwner", "CT2319825");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{40c3cc16-7269-4b32-9531-17f2950fb06f}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "winload");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2319825");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{40c3cc16-7269-4b32-9531-17f2950fb06f}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "winload");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://start.facemoods.com/results.php?f[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Jun 14 2011 09:24:56 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jun 25 2011 11:02:11 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 13:26:13 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "55a1b866-e28c-4bb4-a521-abbea49970c9");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Jun 14 2011 09:25:04 GMT+0200");
Found : user_pref("CommunityToolbar.globalUserId", "a425e461-7b7d-477a-b33a-0e068c885439");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.killedEngine", true);
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Jun 14 2011 12:24:46 GMT+0200");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Tue Jun 14 2011 09:24:54 GMT+0200");
Found : user_pref("ConduitEngine.FirstServerDate", "06/14/2011 10");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Tue Jun 14 2011 09:24:55 GMT+0200");
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Jun 14 2011 09:24:54 GMT+0200");
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Jun 14 2011 18:24:53 GMT+0200");
Found : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jun 14 2011 18:24:44 GMT+0200");
Found : user_pref("ConduitEngine.UserID", "UN44179821568106090");
Found : user_pref("ConduitEngine.engineLocale", "de");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Jun 14 2011 09:24:54 GMT+0200");
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Jun 14 2011 21:24:53 GMT+0200");
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Found : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&Sea[...]
Found : user_pref("extensions.facemoods.aflt", "_#ddr");
Found : user_pref("extensions.facemoods.firstRun", false);
Found : user_pref("extensions.facemoods.lastActv", "23");
Found : user_pref("keyword.URL", "hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=");

Profile name : default-1136075560189 [Profil par défaut]
File : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [24427 octets] - [17/08/2012 22:05:14]

########## EOF - C:\AdwCleaner[R1].txt - [24556 octets] ##########
         


Alt 18.08.2012, 15:01   #6
t'john
/// Helfer-Team
 
GVU Trojaner Infektion Windows Vista - Standard

GVU Trojaner Infektion Windows Vista



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
--> GVU Trojaner Infektion Windows Vista

Alt 18.08.2012, 15:23   #7
SeinMaedchen
 
GVU Trojaner Infektion Windows Vista - Standard

GVU Trojaner Infektion Windows Vista



das andere porgramm kann ich bei mir nicht installieren,da ich angeblich kein service pack 2 von windows vista drauf habe!es kommt die meldung:für den betrieb auf windows vista oder windows server 2008 ist das service pack 2 erforderlich!!

hier das adwcleaner file:
Code:
ATTFilter
# AdwCleaner v1.801 - Logfile created 08/18/2012 at 16:06:30
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium  (32 bits)
# User : Mama - MAMA-PC
# Boot Mode : Normal
# Running from : C:\Users\Mama\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Mama\AppData\Local\Conduit
Folder Deleted : C:\Users\Mama\AppData\Local\vghd
Folder Deleted : C:\Users\Mama\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Mama\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mama\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Mama\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\jgufvso6.default\Conduit
Folder Deleted : C:\ProgramData\Trymedia
File Deleted : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\jgufvso6.default\searchplugins\Conduit.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Google\chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Informer Technologies, Inc.\OpenCandy
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17037

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\jgufvso6.default\prefs.js

C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\jgufvso6.default\user.js ... Deleted !

Deleted : user_pref("CT2319825..clientLogIsEnabled", true);
Deleted : user_pref("CT2319825..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2319825..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2319825.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2319825.CTID", "ct2319825");
Deleted : user_pref("CT2319825.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2319825.CurrentServerDate", "17-8-2011");
Deleted : user_pref("CT2319825.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2319825.DialogsGetterLastCheckTime", "Wed Aug 17 2011 18:14:02 GMT+0200");
Deleted : user_pref("CT2319825.DownloadReferralCookieData", "");
Deleted : user_pref("CT2319825.EMailNotifierPollDate", "Tue Jun 14 2011 09:24:57 GMT+0200");
Deleted : user_pref("CT2319825.EnableClickToSearchBox", false);
Deleted : user_pref("CT2319825.EnableSearchHistory", false);
Deleted : user_pref("CT2319825.EnableSearchSuggest", false);
Deleted : user_pref("CT2319825.FeedPollDate11908299", "Tue Jun 14 2011 21:27:05 GMT+0200");
Deleted : user_pref("CT2319825.FirstServerDate", "14-6-2011");
Deleted : user_pref("CT2319825.FirstTime", true);
Deleted : user_pref("CT2319825.FirstTimeFF3", true);
Deleted : user_pref("CT2319825.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2319825.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2319825.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2319825.HasUserGlobalKeys", true);
Deleted : user_pref("CT2319825.Initialize", true);
Deleted : user_pref("CT2319825.InitializeCommonPrefs", true);
Deleted : user_pref("CT2319825.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2319825.InstallationType", "ConduitIntegration");
Deleted : user_pref("CT2319825.InstalledDate", "Tue Jun 14 2011 09:24:57 GMT+0200");
Deleted : user_pref("CT2319825.IsGrouping", false);
Deleted : user_pref("CT2319825.IsMulticommunity", false);
Deleted : user_pref("CT2319825.IsOpenThankYouPage", false);
Deleted : user_pref("CT2319825.IsOpenUninstallPage", true);
Deleted : user_pref("CT2319825.LanguagePackLastCheckTime", "Tue Jun 14 2011 09:25:03 GMT+0200");
Deleted : user_pref("CT2319825.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2319825.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2319825.LastLogin_3.3.3.2", "Tue Jun 14 2011 17:24:55 GMT+0200");
Deleted : user_pref("CT2319825.LastLogin_3.6.0.10", "Wed Aug 17 2011 18:13:57 GMT+0200");
Deleted : user_pref("CT2319825.LatestVersion", "3.6.0.10");
Deleted : user_pref("CT2319825.Locale", "de");
Deleted : user_pref("CT2319825.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2319825.MCDetectTooltipShow", false);
Deleted : user_pref("CT2319825.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2319825.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2319825.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2319825.RadioIsPodcast", false);
Deleted : user_pref("CT2319825.RadioMediaID", "11949532");
Deleted : user_pref("CT2319825.RadioMediaType", "Media Player");
Deleted : user_pref("CT2319825.RadioMenuSelectedID", "EBRadioMenu_CT231982511949532");
Deleted : user_pref("CT2319825.RadioStationName", "1Live");
Deleted : user_pref("CT2319825.RadioStationURL", "hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_ei[...]
Deleted : user_pref("CT2319825.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2319825.SavedHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CT2319825.SearchBackToDefaultEngine", false);
Deleted : user_pref("CT2319825.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...]
Deleted : user_pref("CT2319825.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2319825.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2319825.SearchInNewTabLastCheckTime", "Tue Jun 14 2011 09:25:01 GMT+0200");
Deleted : user_pref("CT2319825.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2319825.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2319825.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2319825.ServiceMapLastCheckTime", "Wed Aug 17 2011 18:13:56 GMT+0200");
Deleted : user_pref("CT2319825.SettingsLastCheckTime", "Tue Jun 14 2011 09:24:45 GMT+0200");
Deleted : user_pref("CT2319825.SettingsLastUpdate", "1307629896");
Deleted : user_pref("CT2319825.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2319825.ThirdPartyComponentsLastCheck", "Tue Jun 14 2011 09:24:45 GMT+0200");
Deleted : user_pref("CT2319825.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2319825.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2319825");
Deleted : user_pref("CT2319825.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2319825.Uninstall", true);
Deleted : user_pref("CT2319825.UserID", "UN23697023578223975");
Deleted : user_pref("CT2319825.WeatherNetwork", "");
Deleted : user_pref("CT2319825.WeatherPollDate", "Tue Jun 14 2011 09:25:04 GMT+0200");
Deleted : user_pref("CT2319825.WeatherUnit", "C");
Deleted : user_pref("CT2319825.alertChannelId", "715912");
Deleted : user_pref("CT2319825.backendstorage.id", "3133313030313234");
Deleted : user_pref("CT2319825.components.1000034", false);
Deleted : user_pref("CT2319825.components.1000082", false);
Deleted : user_pref("CT2319825.components.1000234", false);
Deleted : user_pref("CT2319825.components.129136390572498374", false);
Deleted : user_pref("CT2319825.ct2319825.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2319825.ct2319825.GroupingInvalidateCache", false);
Deleted : user_pref("CT2319825.ct2319825.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2319825.ct2319825.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2319825.ct2319825.InvalidateCache", false);
Deleted : user_pref("CT2319825.ct2319825.LanguagePackLastCheckTime", "Wed Aug 17 2011 18:13:58 GMT+0200");
Deleted : user_pref("CT2319825.ct2319825.Locale", "de");
Deleted : user_pref("CT2319825.ct2319825.RadioLastCheckTime", "Tue Jun 14 2011 15:13:19 GMT+0200");
Deleted : user_pref("CT2319825.ct2319825.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2319825.ct2319825.SearchInNewTabLastCheckTime", "Wed Aug 17 2011 18:13:57 GMT+0200");
Deleted : user_pref("CT2319825.ct2319825.SettingsLastCheckTime", "Wed Aug 17 2011 18:13:55 GMT+0200");
Deleted : user_pref("CT2319825.ct2319825.SettingsLastUpdate", "1313478201");
Deleted : user_pref("CT2319825.ct2319825.ThirdPartyComponentsLastCheck", "Wed Aug 17 2011 18:13:55 GMT+0200");
Deleted : user_pref("CT2319825.ct2319825.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2319825.ct2319825.components.128903248917881403", false);
Deleted : user_pref("CT2319825.ct2319825.components.129264494738128351", false);
Deleted : user_pref("CT2319825.ct2319825.components.129264512281565287", false);
Deleted : user_pref("CT2319825.ct2319825.components.129277509933662715", false);
Deleted : user_pref("CT2319825.ct2319825.components.129309281463312841", false);
Deleted : user_pref("CT2319825.ct2319825.components.129453462855350877", false);
Deleted : user_pref("CT2319825.ct2319825.globalFirstTimeInfoLastCheckTime", "Wed Aug 17 2011 18:13:58 GMT+0200[...]
Deleted : user_pref("CT2319825.ct2319825.toolbarAppMetaDataLastCheckTime", "Wed Aug 17 2011 18:14:00 GMT+0200"[...]
Deleted : user_pref("CT2319825.ct2319825.toolbarContextMenuLastCheckTime", "Wed Aug 17 2011 18:14:00 GMT+0200"[...]
Deleted : user_pref("CT2319825.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2319825.globalFirstTimeInfoLastCheckTime", "Tue Jun 14 2011 09:25:01 GMT+0200");
Deleted : user_pref("CT2319825.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2319825.initDone", true);
Deleted : user_pref("CT2319825.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2319825.myStuffEnabled", true);
Deleted : user_pref("CT2319825.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2319825.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2319825.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2319825.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2319825.oldAppsList", "128898076802619665,128898076802619666,111,129309281463312841,129[...]
Deleted : user_pref("CT2319825.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2319825.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2319825.testingCtid", "");
Deleted : user_pref("CT2319825.toolbarAppMetaDataLastCheckTime", "Tue Jun 14 2011 09:24:57 GMT+0200");
Deleted : user_pref("CT2319825.toolbarContextMenuLastCheckTime", "Tue Jun 14 2011 09:25:04 GMT+0200");
Deleted : user_pref("CT2319825.usageEnabled", false);
Deleted : user_pref("CT2319825.usagesFlag", 1);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/715912/711772/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2319825", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2319825", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2319825",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2319825/CT2319825[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2319825/CT2319825[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2319825");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{40c3cc16-7269-4b32-9531-17f2950fb06f}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "winload");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2319825");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{40c3cc16-7269-4b32-9531-17f2950fb06f}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "winload");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://start.facemoods.com/results.php?f[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2319825");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2319825");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Jun 14 2011 09:24:56 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jun 25 2011 11:02:11 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 13:26:13 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "55a1b866-e28c-4bb4-a521-abbea49970c9");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Jun 14 2011 09:25:04 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "a425e461-7b7d-477a-b33a-0e068c885439");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Jun 14 2011 12:24:46 GMT+0200");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Tue Jun 14 2011 09:24:54 GMT+0200");
Deleted : user_pref("ConduitEngine.FirstServerDate", "06/14/2011 10");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Tue Jun 14 2011 09:24:55 GMT+0200");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Jun 14 2011 09:24:54 GMT+0200");
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Jun 14 2011 18:24:53 GMT+0200");
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jun 14 2011 18:24:44 GMT+0200");
Deleted : user_pref("ConduitEngine.UserID", "UN44179821568106090");
Deleted : user_pref("ConduitEngine.engineLocale", "de");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Jun 14 2011 09:24:54 GMT+0200");
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Jun 14 2011 21:24:53 GMT+0200");
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&Sea[...]
Deleted : user_pref("extensions.facemoods.aflt", "_#ddr");
Deleted : user_pref("extensions.facemoods.firstRun", false);
Deleted : user_pref("extensions.facemoods.lastActv", "23");
Deleted : user_pref("keyword.URL", "hxxp://start.facemoods.com/results.php?f=5&a=ddr&q=");

Profile name : default-1136075560189 [Profil par défaut]
File : C:\Users\Mama\AppData\Roaming\Mozilla\Firefox\Profiles\hqe0yr0w.default-1136075560189\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [24558 octets] - [17/08/2012 22:05:14]
AdwCleaner[S1].txt - [25216 octets] - [18/08/2012 16:06:30]

########## EOF - C:\AdwCleaner[S1].txt - [25345 octets] ##########
         

Alt 19.08.2012, 17:23   #8
t'john
/// Helfer-Team
 
GVU Trojaner Infektion Windows Vista - Standard

GVU Trojaner Infektion Windows Vista



Alles Windows Updates einspielen, inkl. Service Pack!
__________________
Mfg, t'john
Das TB unterstützen

Alt 20.08.2012, 02:39   #9
SeinMaedchen
 
GVU Trojaner Infektion Windows Vista - Standard

GVU Trojaner Infektion Windows Vista



so jetzt hätten wir es endlich geschafft

hier das gewünschte log file:

Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 20.08.2012 01:17:09

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	20.08.2012 01:18:17

Value: hkey_current_user\software\gog\bloodties --> ambientvolume 	gefunden: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties --> muted 	gefunden: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties --> preferredx 	gefunden: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties --> preferredy 	gefunden: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties --> screenmode 	gefunden: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties --> sfxvolume 	gefunden: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties --> waitforvsync 	gefunden: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties --> customcursors 	gefunden: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> failurereason 	gefunden: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties --> musicvolume 	gefunden: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> recvidmemory 	gefunden: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> version 	gefunden: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> minvidmemory 	gefunden: Trace.Registry.gamefiesta blood ties!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> displayguid 	gefunden: Trace.Registry.gamefiesta blood ties!E1
Key: hkey_local_machine\software\trymedia systems\activemark software 	gefunden: Trace.Registry.trymedia!E1
Value: hkey_current_user\software\gog\bloodties\test3d --> warning 	gefunden: Trace.Registry.gamefiesta blood ties!E1
Key: hkey_local_machine\software\trymedia systems 	gefunden: Trace.Registry.trymedia!E1
Value: hkey_current_user\software\gog\bloodties --> inprogress 	gefunden: Trace.Registry.gamefiesta blood ties!E1
C:\Program Files\Oberon Media SIDR\510005456\GameShell.dll 	gefunden: Riskware.Monitor.Win32.Perflogger!E2
C:\Program Files\Oberon Media SIDR\510005445\GameShell.dll 	gefunden: Riskware.Monitor.Win32.Perflogger!E2
C:\Program Files\Oberon Media SIDR\510005427\GameShell.dll 	gefunden: Riskware.Monitor.Win32.Perflogger!E2
C:\Program Files\Oberon Media SIDR\510005352\GameShell.dll 	gefunden: Riskware.Monitor.Win32.Perflogger!E2
C:\Program Files\Oberon Media SIDR\510003836\GameShell.dll 	gefunden: Riskware.Monitor.Win32.Perflogger!E2
C:\Program Files\Oberon Media SIDR\510003393\GameShell.dll 	gefunden: Riskware.Monitor.Win32.Perflogger!E2
C:\Program Files\Oberon Media SIDR\510001610\GameShell.dll 	gefunden: Riskware.Monitor.Win32.Perflogger!E2
C:\Program Files\Oberon Media SIDR\510001296\GameShell.dll 	gefunden: Riskware.Monitor.Win32.Perflogger!E2
C:\Program Files\Oberon Media SIDR\510001262\GameShell.dll 	gefunden: Riskware.Monitor.Win32.Perflogger!E2
C:\Program Files\Oberon Media SIDR\510001170\GameShell.dll 	gefunden: Riskware.Monitor.Win32.Perflogger!E2
C:\Program Files\Oberon Media SIDR\510000628\GameShell.dll 	gefunden: Riskware.Monitor.Win32.Perflogger!E2
C:\Program Files\Oberon Media SIDR\510000410\GameShell.dll 	gefunden: Riskware.Monitor.Win32.Perflogger!E2
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe 	gefunden: APPL!E2

Gescannt	723340
Gefunden	31

Scan Ende:	20.08.2012 03:36:03
Scan Zeit:	2:17:46
         

Alt 20.08.2012, 06:38   #10
t'john
/// Helfer-Team
 
GVU Trojaner Infektion Windows Vista - Standard

GVU Trojaner Infektion Windows Vista



Sehr gut!

Lasse die Funde loeschen, dann:

Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
Mfg, t'john
Das TB unterstützen

Alt 20.08.2012, 21:58   #11
SeinMaedchen
 
GVU Trojaner Infektion Windows Vista - Standard

GVU Trojaner Infektion Windows Vista



hier das gewünschte log file:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f6f3046ef6ccd142b4289163c211ab65
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-20 08:51:32
# local_time=2012-08-20 10:51:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 13926215 13926215 0 0
# compatibility_mode=5892 16776573 100 100 59033 183020106 0 0
# compatibility_mode=8192 67108863 100 0 9498 9498 0 0
# scanned=295547
# found=0
# cleaned=0
# scan_time=8514
         

Alt 20.08.2012, 22:04   #12
t'john
/// Helfer-Team
 
GVU Trojaner Infektion Windows Vista - Standard

GVU Trojaner Infektion Windows Vista



Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 6 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck
__________________
Mfg, t'john
Das TB unterstützen

Alt 21.08.2012, 04:23   #13
SeinMaedchen
 
GVU Trojaner Infektion Windows Vista - Standard

GVU Trojaner Infektion Windows Vista



PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 14.0.1 ist aktuell

Flash (11,3,300,270) ist aktuell.

Java (1,7,0,6) ist aktuell.

Adobe Reader 10,1,4,38 ist aktuell.

ich hab da mal noch ne frage: und zwar läuft mein rechner extrem langsam und rechnet lange vor sich hin.und bei firefox kann ich auch nur maximal 2 tabs öffnen ohne das sich firefox aufhängt.liege ich richtig mit der annahme das der virus da seine finger mit im spiel hat??
selbst die installation und konfiguration von service pack 1+2 hat 6 stunden in anspruch genommen.

Alt 21.08.2012, 16:01   #14
t'john
/// Helfer-Team
 
GVU Trojaner Infektion Windows Vista - Standard

GVU Trojaner Infektion Windows Vista



Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.


Aufräumen mit CCleaner

Lasse mit CCleaner (Download) (Anleitung) Fehler in der

  • Registry beheben (mehrmals, solange bis keine Fehler mehr gefunden werden) und
  • temporäre Dateien löschen.




Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
PC wird immer langsamer - was tun?
__________________
Mfg, t'john
Das TB unterstützen

Alt 22.08.2012, 15:32   #15
SeinMaedchen
 
GVU Trojaner Infektion Windows Vista - Standard

GVU Trojaner Infektion Windows Vista



danke für die hilfe

Antwort

Themen zu GVU Trojaner Infektion Windows Vista
agency, akamai, antivir, audiodg.exe, aufgehangen, avira, bho, computer, computern, error, euro, firefox, flash player, format, helper, home, kaspersky, logfile, plug-in, registry, rundll, scan, secrets, security, software, svchost.exe, symantec, trojaner, vista, wenig ahnung, windows, wlan




Ähnliche Themen: GVU Trojaner Infektion Windows Vista


  1. Windows 7 - Evtl. Highjacking/ Trojaner-Infektion nach unvorsichtigem Download
    Log-Analyse und Auswertung - 20.04.2015 (16)
  2. Windows 7 Trojaner infektion nach Plugin installation
    Log-Analyse und Auswertung - 15.04.2014 (15)
  3. Windows 8.1: Vermute Trojaner Infektion
    Log-Analyse und Auswertung - 27.02.2014 (4)
  4. gvu trojaner windows vista
    Plagegeister aller Art und deren Bekämpfung - 21.08.2013 (23)
  5. GVU Trojaner Windows Vista
    Log-Analyse und Auswertung - 17.05.2013 (9)
  6. GVU-Trojaner auf Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 27.03.2013 (1)
  7. GVU Trojaner auf Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 28.01.2013 (16)
  8. GVU Trojaner auf Windows Vista PC
    Log-Analyse und Auswertung - 22.01.2013 (21)
  9. BKA Trojaner Windows Vista 32 Bit
    Log-Analyse und Auswertung - 25.11.2012 (6)
  10. Bka Trojaner 2.07 auf Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 01.11.2012 (6)
  11. Windows Vista - Infektion mit Sirefef, Sirefef.AB
    Log-Analyse und Auswertung - 21.10.2012 (32)
  12. Trojaner-Infektion auf Windows Vista (Exploit.Drop, Trojan.Ransom.Gen...)
    Log-Analyse und Auswertung - 30.08.2012 (3)
  13. Datenentschlüsselung nach Infektion mit Windows-Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 16.06.2012 (2)
  14. Windows Vista GVU Trojaner
    Plagegeister aller Art und deren Bekämpfung - 27.05.2012 (8)
  15. Windows XP Trojaner infektion
    Log-Analyse und Auswertung - 22.05.2012 (16)
  16. Infiziert mit Windows-Verschlüsselungs Trojaner -Mail mit Telefonrechnung - windows vista
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (12)
  17. Windows Vista Home Premium 32-Bit Trojaner Windows gesperrt 50€ zahlen.
    Log-Analyse und Auswertung - 23.01.2012 (1)

Zum Thema GVU Trojaner Infektion Windows Vista - Hallo und guten tag, Ich habe mir gestern diesen GVU trojaner eingefangen der mich aufforderte 100 euro per ukash oder paysafecard einzulösen um wieder normal an meinem rechner arbeiten zu - GVU Trojaner Infektion Windows Vista...
Archiv
Du betrachtest: GVU Trojaner Infektion Windows Vista auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.